
HP7102dl Router

 
tb11
Occasional Contributor

I have an HP7102dl router which I am using as follows. LAN1 is 192.168.5.1 and is internal to the site. LAN2 is 192.168.17.1 and is connected to a point-to-point wireless solution which goes back to another site. The Internet is Bell static ADSL. Everything is working fine except for one application which resides at a remote site, so traffic goes back across the wireless. The problem seems to involve timeouts between the interfaces, as the app needs the connection to remain open all the time. I've modified the default timeouts as follows:
ip policy-timeout tcp all-ports 54001
ip policy-timeout udp all-ports 54000
ip policy-timeout tcp 3351 86400
ip policy-timeout udp 3351 86400

but the traffic still seems to time out. When it was set at the default timeouts I was getting lockups in the software every 5 minutes, but after changing it to the above values it is 2-3 times per day. I don't need the firewall enabled between the 2 LAN interfaces as they are internal to my network, but I do need it enabled on the ADSL link. Is there a way to do this?

Thanks
Tim
Matt Hobbs
Honored Contributor

Re: HP7102dl Router

Hi Tim,

I think the trick you need is the 'stateless' option which will stop those interfaces being subjected to the firewall.

E.g.

!
ip access-list extended Wireless
permit ip 192.168.5.0 0.0.0.255 192.168.17.0 0.0.0.255
!

!
ip policy-class Private
allow list Wireless stateless
allow list self self
nat source list wizard-ics interface eth 0/1 overload
!

Matt
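
A stateless rule keeps no session entry, so a reply packet is evaluated against the list like any other packet. The following added example (not part of the thread, and not HP's code) evaluates the `Wireless` list exactly as posted against both directions of a flow between two constructed hosts, to show which direction the single `permit` line covers. The host addresses are assumptions, and whether the reverse direction needs its own entry depends on which policy-class the second Ethernet interface uses, which the thread does not show.

```python
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_permit(line: str):
    """Parse 'permit ip <src> <src-wildcard> <dst> <dst-wildcard>'."""
    parts = line.split()
    if len(parts) != 6 or parts[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    return tuple(parts[2:])

def acl_permits(entries, src: str, dst: str) -> bool:
    """True if any entry matches; an extended list ends in an implicit deny."""
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in entries)

def unmatched_directions(entries, host_a: str, host_b: str):
    """Return the directions of a two-way flow that no entry matches."""
    flows = [(host_a, host_b), (host_b, host_a)]
    return [f for f in flows if not acl_permits(entries, *f)]

# List 'Wireless' exactly as posted in the reply above.
WIRELESS = [parse_permit("permit ip 192.168.5.0 0.0.0.255 192.168.17.0 0.0.0.255")]
# Mirrored entry (assumption, not from the thread) covering the return path.
MIRROR = parse_permit("permit ip 192.168.17.0 0.0.0.255 192.168.5.0 0.0.0.255")
# Constructed sample hosts, one on each LAN (not from the thread).
CLIENT, SERVER = "192.168.5.20", "192.168.17.30"

if __name__ == "__main__":
    for src, dst in unmatched_directions(WIRELESS, CLIENT, SERVER):
        print(f"not matched by list Wireless: {src} -> {dst}")
    both = WIRELESS + [MIRROR]
    print("unmatched with mirror entry:", unmatched_directions(both, CLIENT, SERVER))
```
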
Mohieddin Kharnoub
Honored Contributor

Re: HP7102dl Router

Hi

I have a better idea.
Since you have 3 Interfaces used on the router, 2 Ethernet and one ADSL.

If we consider security zones, you need to have both Ethernet interfaces in one security zone; call it Private.
And another security zone, Public, for the ADSL interface.
Now you can apply the firewall between the Public and the Private zones, and you don't really want any firewall or ACLs between both Ethernet interfaces in the same zone.

Good Luck !!!
Science for Everyone