Debugging a Virtual Access Service Managed Gateway · 2016. 8. 8. · 1 About this document . 1.1 Scope . This guide explains the various tools on a Service Managed Gateway (SMG)

Debugging a Virtual Access Service Managed Gateway

Issue: 1.0

Date: 09 July 2013

Table of Contents _______________________________________________________________________________________________________

1 About this document .................................................................................... 3

1.1 Scope ..................................................................................................... 3

2 WAN connectivity ......................................................................................... 4

2.1 ADSL ...................................................................................................... 4

2.1.1 Active data connections ....................................................................... 4

2.1.2 ADSL bandwidth ................................................................................. 4

2.1.3 DSL spectrum analyzer ........................................................................ 5

2.1.4 Line history ........................................................................................ 9

2.1.5 PPP ................................................................................................. 10

2.1.6 LCP ................................................................................................. 10

2.1.7 Authentication .................................................................................. 11

2.1.8 IPCP ................................................................................................ 11

2.1.9 MLPPP ............................................................................................. 14

2.2 3G modem............................................................................................ 19

2.2.1 Signal strength ................................................................................. 20

2.2.2 3G status ......................................................................................... 20

2.2.3 GSM status ...................................................................................... 21

2.3 PSTN modem........................................................................................ 24

3 IPSec ......................................................................................................... 26

3.1 Phase I ................................................................................................ 26

3.1.1 PFS ................................................................................................. 27

3.2 Phase II ............................................................................................... 27

4 Port forwarding .......................................................................................... 29

4.1 Port forwarding using CLI .................................................................... 29

4.2 Port forwarding using the web interface .............................................. 29

1: About this document _______________________________________________________________________________________________________

1 About this document

1.1 Scope

This guide explains the various tools on a Service Managed Gateway (SMG) that will enable you to debug issues within the following features:

• WAN connectivity

• IPSec

• Port forwarding

This document is for engineers who have previous experience configuring and managing SMG routers.

2: WAN connectivity _______________________________________________________________________________________________________

2 WAN connectivity

Virtual Access routers enable WAN connections and other types of networks, so that users and devices in one location can communicate with users and devices in other locations.

2.1 ADSL

2.1.1 Active data connections

The Active Data Connections page shows the type of connection, IP address, ADSL rates and data uptime duration. The Duration field is a useful support tool as it shows how long the data connection has been up.

From the Start page, click Status. In the Status menu, click Active Data Connections. The Active Data Connections page appears.

Figure 1: The active data connections table

2.1.2 ADSL bandwidth

The ADSL bandwidth graph displays transmitted and received ADSL bandwidth in real time. This is useful for monitoring real-time usage of the WAN link.

Note: you can only view ADSL bandwidth information if your router has an ADSL interface.

In the Status menu, click ADSL Bandwidth. The ADSL Bandwidth page appears.


Figure 2: The ADSL bandwidth page

Command line: sh stats adslbw

Figure 3: Output for the command line sh stats adslbw

2.1.3 DSL spectrum analyzer

The DSL Line Spectrum is part of the ADSL service management support, which allows you to easily establish the source of a fault.

The DSL Spectrum Analyzer provides a graphical real-time display of the line spectrum. This enables you to check for a good ADSL connection at the expected upload and download trained rates. It is also possible to upload the spectrum data so that a record of the line quality can be stored at installation. Then if there are problems the recorded spectrum can be compared to the current data.

In the Status menu, select ADSL Line Spectrum. The ADSL Line Spectrum page appears.


Figure 4: The DSL spectrum analyzer page


Command line: show stats adsl adsl-0

Figure 5: Output of the command line show stats adsl

Use the command show stats adsl-1 to view line 2 statistics.

The ADSL Tx and Rx counters measure the number of transmitted and received packets on the ADSL interface. This view also contains FEC, HEC, CRC and BER error counters as well as detailed ADSL information. This information is critical in determining the quality of an ADSL circuit for VoIP.

To view the ADSL Tx and Rx statistics, from the Start page, click Advanced-> Expert View.

In the top menu, click Operations.

In the Operations menu, click performance-> interface stats > adsl stats > statistics.


Figure 6: Output of view stats adsl

Important elements to check are outlined below.

ADSL mode: interleaved or fast as outlined above. Note that ADSL2+ circuits will always display fast. To determine if interleaved is on, check if FEC errors are incrementing

Noise margin: the higher this value the better. This value is determined by the DSLAM SNR rate. The router will train the ADSL line according to this value. The lower the SNR, the higher the training rate but this may introduce excessive line errors which can be checked below.

Attenuation: the lower this value the better. This value is an indication of the quality of a line. The further you are away from the exchange, the higher this


value will be and the possibly more loss experienced. Attenuation figures above 60dB will cause poor voice quality

Error detection and correction: the number of CRC errors will indicate an error detection which required retransmission. The number of FECs will indicate the number of times the decoder detected an error and corrected it. HEC shows the number of error corrections in an ATM cell header. BER shows a ratio of error bits to transmitted bits.

2.1.4 Line history

The Line History view gives a history of ADSL connectivity over a number of days. The applet displays in horizontal blocks of 24 for each hour of the day. You can use the zoom facility to view detailed information for any hour during that period. This tool is useful as the first stop in support. Support teams can view how long the ADSL has been active and how long it has been down, or both. You can also download this line history information in text format.

In the Status menu, click Line History. The Line History page appears.

Figure 7: The line history page

To zoom in on any particular hour of any of the days displayed, either click the box and then click Zoom In, or double-click the box.


Downloaded line history appears in the following format.

Interface Connection time

Connection date

Disconnection time

Disconnection date

Duration time

Tx Speed

Rx Speed

Description

adsl-0 08:34:13 Dec 25, 2008 08:34:25 Dec 25, 2008 00:00:12 0 0 Connection Lost

adsl-0 08:34:25 Dec 25, 2008 22:34:55 Dec 28, 2008 14:00:30 384 3072

Connection opened, G.DMT, Fast

adsl-0 22:34:55 Dec 28, 2008 22:35:08 Dec 28, 2008 00:00:13 0 0 Connection Lost

adsl-0 22:35:08 Dec 28, 2008 08:09:01 Jan 01, 2009 09:33:53 384 3072

Connection opened, G.DMT, Fast

adsl-0 08:09:01 Jan 01, 2009 08:09:13 Jan 01, 2009 00:00:12 0 0 Connection Lost

Command line: show line history

Figure 8: Output of the command line show line history

2.1.5 PPP

Point to point protocol consists of three layers:

• LCP

• Authentication

• IPCP

2.1.6 LCP

Link Control protocol or LCP is the first layer between the CPE and the core network.

A number of configurable parameters are set at LCP layer.

The CPE will send out a configure request and the core network will acknowledge or nak it

To debug LCP, type in the following command lines.

Command line: ++all 6

Command line: ++PPPLCP

Command line: ++LCP

The following sample shows the output of the above debug command line.


|12:23:10 LCP Tx ppp-1: configure request id=[185]

|12:23:10 LCP Tx Opt = Maximum Receive Unit, Len = 4, Value = 1486

|12:23:10 LCP Rx ppp-1: configure request id=[1]

|12:23:10 LCP Rx Opt = Maximum Receive Unit, Len = 4, Value = 1492

|12:23:10 LCP Rx Opt = Authentication Protocol, Len = 5, Value = c2 23 05

|12:23:10 LCP Rx Opt = Magic Number, Len = 6, Value = b6 25 f7 68

|12:23:10 LCP Tx ppp-1: configure reject id=[1]

|12:23:10 LCP Tx Opt = Magic Number, Len = 6, Value = b6 25 f7 68

|12:23:10 LCP Rx ppp-1: configure ack id=[185]





|12:23:10 LCP Tx ppp-1: configure ack id=[2]


|12:23:10 LCP Tx Opt = Authentication Protocol, Len = 5, Value = c2 23 05

|12:23:10 lcp up ppp-1

|12:23:10 PPP Debug LCP Layer Up

2.1.7 Authentication

During PPP negotiation PAP or CHAP authentication is used.

PAP or password authentication is rarely used in the Virtual Access CPE configuration deployment.

CHAP or Challenge Handshake Authentication Protocol is widely used in the VA CPE configuration deployment

Once the Lick has established at LCP then the core network will either challenge the CPE or the CPE authenticates itself by sending the username and password

To debug authentication, type in the following command lines.


Command line: ++auth


|12:23:10 CHAP rx i/f ppp-1: [Challenge]

|12:23:10 PPP Debug Authenticate Request

|12:23:10 CHAP tx i/f ppp-1: [Response]

|12:23:11 LCP Tx ppp-1: echo request id=[187]

|12:23:12 CHAP rx i/f ppp-1: [Success]

|12:23:12 PPP Debug Authenticate ACK Received

2.1.8 IPCP

Internet protocol control protocol is the final layer of PPP.


To debug IPCP, type the following command lines.


Command line: ++IPCP


|12:23:12 IPCP tx ppp-1: configure request id=[188]

|12:23:12 IPCP tx Opt = Address, Len = 6, Value = 0.0.0.0

|12:23:12 IPCP tx Opt = Primary DNS Address, Len = 6, Value = 0.0.0.0

|12:23:12 IPCP tx Opt = Secondary DNS Address, Len = 6, Value = 0.0.0.0

|12:23:12 IPCP rx ppp-1: configure request id=[1]

|12:23:12 IPCP rx Opt = Address, Len = 6, Value = 172.19.101.3

|12:23:12 PPP Debug NCP IP Routing Reject

|12:23:12 IPCP tx ppp-1: configure reject id=[1]



|12:23:12 IPCP rx ppp-1: configure reject id=[188]

|12:23:12 IPCP rx Opt = Secondary DNS Address, Len = 6, Value = 0.0.0.0





|12:23:12 PPP Debug NCP Configuration ACK

|12:23:12 IPCP tx ppp-1: configure ack id=[2]

|12:23:12 LCP Rx ppp-1: echo reply id=[189]

|12:23:12 IPCP rx ppp-1: configure nak id=[190]


|12:23:12 IPCP rx Opt = Primary DNS Address, Len = 6, Value = 8.8.8.8




|12:23:12 IPCP rx ppp-1: configure ack id=[191]



|12:23:12 ncp up ppp-1

|12:23:12 PPP Debug NCP Layer Up The following command lines show a sample debug of PPP.


Command line: ++PPP

Command line: ++PPPlcp










|12:23:10 LCP Rx Opt = Magic Number, Len = 6, Value = b6 25 f7 68


|12:23:10 LCP Tx Opt = Magic Number, Len = 6, Value = b6 25 f7 68









|12:23:10 lcp up ppp-1








12:23:12 IPCP tx ppp-1: configure request id=[188]






|12:23:12 PPP Debug NCP IP Routing Reject

|12:23:12 IPCP tx ppp-1: configure reject id=[1]



|12:23:12 IPCP rx ppp-1: configure reject id=[188]



















|12:23:12 ncp up ppp-1

|12:23:12 PPP Debug NCP Layer Up

12:23:13 LCP Tx ppp-1: echo request id=[192]







|12:23:16 LCP Rx ppp-1: echo reply id=[195] To check the status of PPP, type the following command.

Command line: show ppp options ppp-1

The following command line shows a sample of the output of PPP status.

LCP Configured MRU 1482

LCP Configured MRRU 1486

LCP Tx Accepted MRU 1500

LCP Tx Accepted MRRU 1486

LCP Rx Accepted MRU 1486

LCP Rx Accepted Authentication Protocol c22305

LCP Rx Accepted MRRU 1524

LCP Rx Accepted Endpoint Discriminator 01 6c 6e 73 31

IPCP Configured Address 0.0.0.0

IPCP Configured Primary DNS Address 0.0.0.0

IPCP Configured Secondary DNS Address 0.0.0.0

IPCP Tx Accepted Address 172.22.100.96

IPCP Tx Accepted Primary DNS Address 8.8.8.8

IPCP Tx Accepted Secondary DNS Address 4.4.4.4

CCP Configured Stacker LZS Compression 000104

2.1.9 MLPPP

Multilink PPP is the bonding of two or more ADSL lines. The most common issue is MRRU values that have not been configured correctly or the LNS not set up correctly, both of which are out of the scope of this document.

To check the status of MLPPP, type the following command.


Command line: show stats mlppp all

The following command line shows a sample of the output of MLPPP status.


Bundle Uptime: 001:19:20:40 (DDD:HH:MM:SS)

Active links: 2 (2)

Username:

Endpoint Discriminator: 01 6c 6e 73 31

Local MRRU: 1486

Remote MRRU: 1524

Transmitted Packets: 2585602

Received Packets: 3249965

Received Fragmented Packets: 0

Bundle Id: 1

Member Links: 2

Last Processed Seq: 3257543

MRRU: 1524

MP header format: Long

Total Pkts Tx / Rx: 2585602 / 3249965

Total Bytes Tx / Rx: 892585393 / 2959041473

Total Frags Tx / Rx: 2585593 / 3249965

Single Frags Tx / Rx: 2585601 / 3249965

NULL Frags Tx / Rx: 0 / 0

Dropped Pkts Tx / Rx: 0 / 0

Non-MP Pkts Tx / Rx: 312084 / 312195

RX out of sequence frags: 2216702

RX pkts discarded (frag loss): 0

RX frags discarded (frag loss): 0

RX pkts expired: 10351

RX pkts arrived too late: 3196

Maximum too late arrival(ms): 262

Sequence queue bypassed: 975171

Sequence queue overflow: 36

Link ppp-1 ppp-2

Bundle ID 1 1

Uptime (DDD:HH:MM:SS) 001:19:20:40 000:02:06:28

Last Received Seq 3257542 3257543

Load Balance Bytes Tx 20587844 20642535

Bytes Tx 445385821 20642535

Bytes Rx 1643887292 279305691

Frags Tx 1292929 153028

Frags Rx 2015953 285719

Single Frags Tx 1292928 153028

Single Frags Rx 2015952 285719

NULL Frags Tx 0 0

NULL Frags Rx 0 0

Dropped Pkts Tx 0 0

Dropped Pkts Rx 0 0

Non-MP Pkts Tx 156050 7587


Non-MP Pkts Rx 156130 7586 The following command lines show a sample debug of MLPPP.


Command line: ++PPP




Command line: ++MLPPP

The following command line shows a sample of the output of MLPPP.




|13:03:27 POE link up ppp-2




|13:03:28 LCP Rx Opt = Magic Number, Len = 6, Value = 5e f4 ef 4a


|13:03:28 LCP Tx Opt = Magic Number, Len = 6, Value = 5e f4 ef 4a









|13:03:28 lcp up ppp-2









|13:03:28 LCP Rx Opt = Magic Number, Len = 6, Value = bd 73 3a f2

|13:03:28 LCP Rx Opt = MLPPP MRRU, Len = 4, Value = 1524

|13:03:28 LCP Rx Opt = MLPPP EPDM, Len = 7, Value = 01 6c 6e 73 31

|13:03:28 PPP Debug EPDM accepted

|13:03:28 lcp down ppp-2

|13:03:28 PPP Debug LCP Layer Down



|13:03:28 LCP Tx Opt = MLPPP MRRU, Len = 4, Value = 1486

|13:03:28 LCP Tx Opt = MLPPP EPDM, Len = 15, Value = 01 30 30 65 30 63 38 30 30


|13:03:28 LCP Rx ppp-2: configure nak id=[124]


|13:03:28 PPP Debug LCP NAK




|13:03:28 LCP Tx Opt = MLPPP EPDM, Len = 15, Value = 01 30 30 65 30 63 38 30 30




|13:03:28 LCP Rx Opt = Magic Number, Len = 6, Value = bd 73 3a f2





|13:03:28 LCP Tx Opt = Magic Number, Len = 6, Value = bd 73 3a f2




|13:03:28 LCP Rx Opt = MLPPP EPDM, Len = 15, Value = 01 30 30 65 30 63 38 30 30






|13:03:28 LCP Tx ppp-2: configure nak id=[3]












|13:03:28 LCP Tx Opt = MLPPP EPDM, Len = 7, Value = 01 6c 6e 73 31

|13:03:28 lcp up ppp-2




|13:03:28 MP (Link added): port 1 to bundle (id=1)

|13:03:28 ncp up ppp-2






2.2 3G modem

Depending on the hardware model some Virtual Access routers have optional 3G modems. The most common issues are signal strength and SIM registration.


Depending on the provider, the SIM will be allocated a public or Private IP address which may or may not be reachable from the internet.

2.2.1 Signal strength

Signal Strength Description > -113dBm, < -89 dBm Low signal strength - connection not reliable >= -89 dBm, < -69 dBm Medium signal strength - Good connection >= -69 dBm High signal strength - Excellent connection

Table 1: Samples of signal strength and their values

2.2.2 3G status

Depending on the hardware model, the modem interface will be assigned to either modem-0 or modem-1


Command line: show modem interface status modem-0

Modem state: Activated

Connected: Yes

Call state: Connected

GSM status

SIM status: Ready

Signal quality: -63 dBm

Network registration: Registered - home network

GPRS network registration: Registered - home network

Operator: vodafone IE

Operator selection: Automatic

Radio access technology: UMTS: HSDPA

IMEI: 355783040128144

Mobile country code: 272

Mobile network code: 01

Location area code: 0BCC

Cell identifier: 000AA787

Active SIM: SIM1

IMSI: 272017111378751

ICCID: 8935301091020030148

Scrambling Code: Not known or not detectable

RSCP: Not known or not detectable

Ec/Io: Not known or not detectable

SIM switch enabled: No

Automatic reset enabled: No

Number of resets: 0

Number of remote disconnects: 0

The following command lines show a sample debug of 3G.


Command line: ++modem

Command line: ++PPP


Command line: ++Auth


The following command line shows a sample of the output of GM status.


|04:16:23 Modem Tx: AT+CGREG?;+CREG?;+CSQ;+COPS=3,0;+COPS?;+COPS=3,2;+COPS?

|04:16:23 Modem Rx: AT+CGREG?;+CREG?;+CSQ;+COPS=3,0;+COPS?;+COPS=3,2;+COPS?

|04:16:23 Modem Rx: +CGREG: 2,1,"0BCC","000AA787",4

|04:16:23 Modem Rx: +CREG: 0,1

|04:16:23 Modem Rx: +CSQ: 25,99

|04:16:23 Modem Rx: +COPS: 0,0,"vodafone IE",2

|04:16:23 Modem Rx: +COPS: 0,2,"27201",2

|04:16:23 Modem Rx: OK

|04:16:26 modem-0: Connecting GPRS/UMTS ()

|04:16:26 Modem Tx: AT+CPIN?

|04:16:26 Modem Rx: AT+CPIN?

|04:16:26 Modem Rx: +CPIN: READY


|04:16:26 modem-0: SIM ready

|04:16:26 Modem Tx: AT+CGDCONT=1,"IP",""

|04:16:26 Modem Rx: AT+CGDCONT=1,"IP",""


|04:16:26 Modem Tx: ATD*99#

|04:16:26 Modem Rx: ATD*99#

|04:16:27 Modem Rx: CONNECT


|04:16:27 LCP Tx Opt = Async Control Character Map, Len = 6, Value = 00 00 00 0


|04:16:27 LCP Tx Opt = Protocol Field Compression, Len = 2, Value = none

|04:16:27 modem-0: Outgoing call connected



|04:16:27 LCP Rx Opt = Address and Control Field Compression, Len = 2, Value =

|04:16:27 LCP Rx Opt = Protocol Field Compression, Len = 2, Value = none

|04:16:27 LCP Rx Opt = Async Control Character Map, Len = 6, Value = 00 00 00 0

|04:16:27 LCP Rx Opt = Magic Number, Len = 6, Value = f8 11 73 55


|04:16:27 LCP Tx Opt = Address and Control Field Compression, Len = 2, Value =



|04:16:27 LCP Tx Opt = Magic Number, Len = 6, Value = f8 11 73 55











|04:16:30 LCP Rx Opt = Async Control Character Map, Len = 6, Value = 00 00 00 0


|04:16:30 LCP Rx Opt = Protocol Field Compression, Len = 2, Value = none

|04:16:30 lcp up ppp-1









|04:16:30 IPCP tx Opt = Compression Protocol, Len = 6, Value = 00 2d 0f 01



|04:16:30 Modem Rx: *EPSB: 3

|04:16:32 Modem Rx: *EPSB: 5

|04:16:32 Modem Rx: *EPSB: 6




















|04:16:33 IPCP rx Opt = Compression Protocol, Len = 6, Value = 00 2d 0f 01



|04:16:33 ncp up ppp-1



2.3 PSTN modem

Some Virtual Access routers have a PSTN modem, which by default is configured to allow dial in access or out of band management.

The modem interface is assigned to a configured PPP interface and the same PPP debugging will apply.

Some common faults are incorrect cabling or disconnected cables, PSTN fault and micro filter faults. These can lead to a slow speed connection in which the router will not be contactable due to the poor quality of the line.

The following command lines show a sample debug of PSTN modem.


Command line: ++modem

Command line: ++PPP


Command line: ++Auth


super> connect p1

The following shows a sample of the output of PSTN modem.


|13:18:48 Modem: Dial (900441234567899)

|13:18:48 Modem Tx: atv0w2e0

Connect initiated successfully

|13:18:48 Modem Rx: 0

|13:18:48 Modem Tx: ats7=30dt900441234567899

|13:19:19 Modem Rx: 84


|13:19:19 Modem: Outgoing Call Connected 33600 bps





|13:19:21 lcp up ppp-1





|13:19:21 PPP Debug NCP 0 32801 33 NAK

|13:19:21 IPCP tx ppp-1: configure nak id=[9]








|13:19:22 ncp up ppp-1


3: IPSec _______________________________________________________________________________________________________

3 IPSec

3.1 Phase I

A hybrid protocol called Internet Key exchange (IKE) establishes and maintains unidirectional communication in an IPSec environment.

Phase I establishes IKE.

There are two ways of implementing Phase I:

• Main mode

• Aggressive mode

Main mode

Most common use of main mode is when both ends of the tunnel are using fixed IP addresses.

In main mode, a secure channel is established by sending three packets of data from the initiator and three from the responder.

The most common failures for main mode messages between 1 and 4 are:

• Remote peer not configured to accept VPN negotiations

• Differing exchange types

• DH group mismatch

• Encryption Algorithms are wrong

• The most common failure for main mode messages 5 and 6 are

• Pre-shared keys not matching

The following command lines show a sample debug of Phase I.


Command line: ++ike

The following shows a sample of the output of Phase I debug.

3: IPSec _______________________________________________________________________________________________________

|17:32:45 IKE: MM Msg1 sent for policy 1

|17:32:45 IKE: MM Msg2 received for policy 1

|17:32:45 IKE: Vendor VA1

|17:32:45 IKE: Vendor DPD

|17:32:45 IKE: MM Msg3 sent for policy 1

|17:32:45 IKE: MM msg4 received for policy 1

|17:32:45 IKE: Vendor VA1

|17:32:45 IKE: Vendor DPD

|17:32:45 IKE: ID: IPv4 address, 172.22.100.96

|17:32:45 IKE: Diffie-Hellman negotiated, MM Msg 5 sent for policy 1

|17:32:46 IKE: MM Msg6 received for policy 1


|17:32:46 IKE: Main Mode completed for policy 1 Aggressive mode

Most common use of main mode is when one end of the tunnel is using fixed IP addresses and the other is dynamic

In aggressive mode, a secure channel is established by sending two packets of data from the initiator and three from the responder. This is faster than main mode, but also less secure

The most common failures for aggressive mode messages between 1 and 4 are:

• Remote peer not configured to accept VPN negotiations

• Differing exchange types

• DH group mismatch

• Encryption algorithms are wrong

The most common failure for aggressive mode messages 5 and 6 are pre-shared keys not matching.

3.1.1 PFS

Perfect Forward Secrecy (PFS) is a means of generating new keys that are unrelated to previously used keys. This means that if an unauthorized party cracks one key, they have no basis for cracking the next one used. To increase security, Virtual Access routers support PFS and automatically changes keys regularly.

3.2 Phase II

Phase II establishes the encryption domains and is configured using SPD policies.

When Phase I is completed, the IPSec connection automatically moves on to Phase II. If any further failures occur the issue lies with Phase II settings.

3: IPSec _______________________________________________________________________________________________________

In Phase II, when quick mode message 1 is received by the responder it will always state the subnet which is set in the packet it receives. This is useful as it will mean that the verification of SPD Subnet Addresses is easy.

The most common failures for SPD within Phase II are:

• Security protocol does not match

• ESP authentication set to “no” on one side of the tunnel

• Difference in Encryption Algorithms setting

• Difference in Addresses in SPD apply polices

The following command lines show a sample debug of Phase II


Command line: ++SPD

The following command line shows a sample of the output of phase II debug.

|17:32:46 IKE: Sending initial contact



|17:32:46 IKE: QM Msg1 sent for policy 1

|17:32:46 IKE: QM Msg 2 received for policy 1



|17:32:46 IKE: QM Msg3 sent for policy 1

|17:32:46 SPD: Phase 2 tunnel up for spd policy 1

|17:32:46 IKE: Quick Mode completed for policy 1

|17:32:46 Link up 01-VPN-IKE1 Src=172.22.100.96 Dest=172.22.100.100

4: Port forwarding _______________________________________________________________________________________________________

4 Port forwarding

4.1 Port forwarding using CLI

Port forwarding can be configured under the incoming address translation table.

To check to see if port forwarding is enabled, type the following command line and check the output is the same as the sample below.

Command line: show IPAT incoming all

The following shows a sample of the output of port forwarding enabled.

Entry Interface Prot Local host Port Gateway address Port

----- --------- ---- ---------- ---- --------------- ----

2. ppp-1 UDP 172.22.100.96 53 172.22.100.96 53

3. ppp-1 UDP 192.168.2.1 69 172.22.100.96 69

4. ppp-1 TCP 192.168.2.2 8844 172.22.100.96 8844

5. ppp-1 TCP 192.168.2.3 8899 172.22.100.96 8899

6. ppp-1 TCP 192.168.2.1 23 172.22.100.96 8023

7. ppp-1 TCP 192.168.2.1 80 172.22.100.96 8080

4.2 Port forwarding using the web interface

To enable port forwarding using the webs interface, from the Start page, click Advanced>expert view>system>IP>Address translation>Table.

Configure the target WAN interface, port number and LAN interface and port number.

Documents

Debugging a Virtual Access Service Managed Gateway · 2016. 8. 8. · 1 About this document . 1.1 Scope . This guide explains the various tools on a Service Managed Gateway (SMG)