point to point connectvity

Unanswered Question
Dec 15th, 2008

Problem Details: iam having 1841 router in main office, isp connected s0/0, s0/1 ip and e0/0 is connected to my proxy server(, from that it is going

my lan. now i want to extend network to my branch office. This is only point to point conectivity intranet and internet purpose. In remote side s0 ip Lan ip

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Mon, 12/15/2008 - 01:48

Hello Ramnet,

you have a point-to-point serial connection between main site router 1841:s0/1 ip

If you had more powerful routers involved from 2811 and above you could think to use L2TPv3 to transport ethernet frames inside IP packets.

If you use Frame-relay on the point-to-point you could use bridging over the wan


But be aware that in any case extending a vlan over a T1 link with routers like yours can be an issue for different reasons: broadcast control, security and performances.

I recommend considering alternate options that allow to use a routed solution

Hope to help


ramnet communic... Mon, 12/15/2008 - 05:20


we dont want frame realy connection between two routers we want point to point connection trough encap ppp only remote side router 2500 series router .and main office also i think 2600 series router.so plz advise to main office to remote office internet and intranet connectvity.solution.

Giuseppe Larosa Mon, 12/15/2008 - 21:50

Hello Ramnet,

I would use PBR on the link to the branch office to redirect traffic to the proxy server that if I've understood correctly is the reason you want to extend that vlan.

Another option could be the use of NAT

the PBR could use an extended ACL to redirect to the proxy traffic with source = branch and destination different then HQ subnets

access-list 121 deny ip

access-list 121 permit ip any

route-map pbr_rm permit 10

match ip address 121

! ip address of proxy here

set ip next hop

int ser0/1

ip policy route-map pbr_rm

The suggestion is that you don't need to extend a Vlan to use a proxy.

Hope to help


ohassairi Mon, 12/15/2008 - 22:14

i will suggest to change topology:

i suppose you have 2 NIC in your proxy: one goes to lan and the second goes to rtr.

just use only one NIC , connct it to LAN.

connect also the rtr to LAN.

users in remote site will use the proxy like any other PC in main office.

you can also add an CAL in the rtr to permit only the proxy to go to internet.

ohassairi Fri, 12/19/2008 - 10:24

as i said you should chabge your design because your proxy has a public IP. this makes it unprotcted from internet.

keep the proxy connected only to lan.

lets suppose it has the ip

just configure your rtrs af follow:


interface ether1

ip address....

interface s0

ip addre ....

encapsulation PPP

ip route s0

main office

interface ether1

ip address 255.....

ip address second

ip nat inside

interface s0

ip addre ....

encapsulation PPP

interface s1

ip addre ....

encapsulation PPP

ip nat outside

access-list 1 permit host

ip nat inside source list 1 interface ether 1 overload

ip route s0

ip route s1

now in browser (from both sides) define your proxy:

note: in the future don't publish your real IP in diagrams. this give to hackers apportinuty to attack your public servers.

hope this help


This Discussion