Point to point connectivity

Unanswered Question
Dec 15th, 2008

Problem Details: I am having an 1841 router in the main office, ISP connected s0/0, s0/1 IP 10.10.10.1, and e0/0 is connected to my proxy server (192.168.0.1); from that it is going to my LAN. Now I want to extend the 192.168.0.0 network to my branch office. This is only point-to-point connectivity for intranet and internet purposes. On the remote side, s0 IP is 10.10.10.2/24 and LAN IP is 192.168.3.1.

Giuseppe Larosa Mon, 12/15/2008 - 01:48

Hello Ramnet,

you have a point-to-point serial connection between main site router 1841:s0/1 ip 10.10.10.1

If you had more powerful routers involved from 2811 and above you could think to use L2TPv3 to transport ethernet frames inside IP packets.

If you use Frame-relay on the point-to-point you could use bridging over the wan

http://www.cisco.com/en/US/docs/ios/12_0/ibm/configuration/guide/bctb.html#wp4865

But be aware that in any case extending a VLAN over a T1 link with routers like yours can be an issue for different reasons: broadcast control, security and performance.

I recommend considering alternate options that allow you to use a routed solution.

Hope to help

Giuseppe

ramnet communic... Mon, 12/15/2008 - 05:20

Dear Giuseppe,

We don't want a Frame Relay connection between the two routers; we want a point-to-point connection through encap ppp only. The remote side router is a 2500 series router, and the main office also, I think, a 2600 series router. So please advise a solution for main office to remote office internet and intranet connectivity.

Giuseppe Larosa Mon, 12/15/2008 - 21:50

Hello Ramnet,

I would use PBR on the link to the branch office to redirect traffic to the proxy server, which, if I've understood correctly, is the reason you want to extend that VLAN.

Another option could be the use of NAT.

The PBR could use an extended ACL to redirect to the proxy traffic with source = branch and destination different than HQ subnets:

! branch-to-HQ traffic: not matched by the route-map, routed normally
access-list 121 deny ip 10.0.10.0 0.0.0.255 10.0.0.0 0.255.255.255
! all other traffic from the branch: policy-routed
access-list 121 permit ip 10.0.10.0 0.0.0.255 any

route-map pbr_rm permit 10
 match ip address 121
 ! ip address of proxy here
 set ip next-hop 192.168.0.1

int ser0/1
 ip policy route-map pbr_rm

The suggestion is that you don't need to extend a Vlan to use a proxy.

Hope to help

Giuseppe
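
Added example, not part of the original thread: a small Python check of which flows ACL 121 in the reply above would hand to the route-map, using IOS first-match and wildcard-mask semantics (a permit is policy-routed to the proxy; a deny or no match falls back to normal routing). The function names are hypothetical helpers and the test addresses are constructed.

```python
import ipaddress

# ACL 121 exactly as posted in the reply above (the poster's example addresses).
ACL_121 = """\
access-list 121 deny ip 10.0.10.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 121 permit ip 10.0.10.0 0.0.0.255 any
"""

def _spec(tokens):
    """Parse 'any', 'host A' or 'A WILDCARD'; return ((addr, wildcard), remaining tokens)."""
    ip = lambda s: int(ipaddress.IPv4Address(s))
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip(tokens[1]), 0), tokens[2:]
    return (ip(tokens[0]), ip(tokens[1])), tokens[2:]

def parse_acl(text):
    """Parse numbered extended 'ip' ACL lines into (action, src_spec, dst_spec) tuples."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[3] != "ip":
            continue
        src, rest = _spec(t[4:])
        dst, _ = _spec(rest)
        entries.append((t[2], src, dst))
    return entries

def _hit(address, spec):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(address)) & care) == (addr & care)

def pbr_decision(entries, src, dst, next_hop="192.168.0.1"):
    """First matching entry wins: permit -> set ip next-hop, deny -> normal routing."""
    for action, s, d in entries:
        if _hit(src, s) and _hit(dst, d):
            return f"policy-route to {next_hop}" if action == "permit" else "normal routing"
    return "normal routing"  # implicit deny: the route-map clause does not match

if __name__ == "__main__":
    acl = parse_acl(ACL_121)
    # Constructed sample flows (source, destination).
    for s, d in [("10.0.10.25", "10.1.2.3"), ("10.0.10.25", "198.51.100.10"),
                 ("192.168.3.10", "198.51.100.10"), ("10.0.10.25", "192.168.0.50")]:
        print(f"{s} -> {d}: {pbr_decision(acl, s, d)}")
```

Substitute your own subnets before applying the ACL: with the addresses as posted, a source in 192.168.3.0/24 is never redirected, and traffic from 10.0.10.0/24 to 192.168.0.0/24 is sent to the proxy because that destination lies outside 10.0.0.0/8.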

ohassairi Mon, 12/15/2008 - 22:14

I will suggest changing the topology:

I suppose you have 2 NICs in your proxy: one goes to the LAN and the second goes to the rtr.

Just use only one NIC, connect it to the LAN.

Connect also the rtr to the LAN.

Users in the remote site will use the proxy like any other PC in the main office.

You can also add an ACL in the rtr to permit only the proxy to go to the internet.

ohassairi Fri, 12/19/2008 - 10:24

As I said, you should change your design because your proxy has a public IP. This makes it unprotected from the internet.

Keep the proxy connected only to the LAN.

Let's suppose it has the IP 192.168.0.100.

Just configure your rtrs as follows:

branch:

interface ether1
 ip address....
interface s0
 ip addre ....
 encapsulation PPP
ip route 192.168.0.0 255.255.255.0 s0

main office

interface ether1
 ip address 202.65.147.193 255.....
 ip address 192.168.0.254 255.255.255.0 second
 ip nat inside
interface s0
 ip addre ....
 encapsulation PPP
interface s1
 ip addre ....
 encapsulation PPP
 ip nat outside
access-list 1 permit host 192.168.0.100
ip nat inside source list 1 interface ether 1 overload
ip route 192.168.3.0 255.255.255.0 s0
ip route 0.0.0.0 0.0.0.0 s1

Now in the browser (from both sides) define your proxy: 192.168.0.100/8080

Note: in the future don't publish your real IP in diagrams. This gives hackers an opportunity to attack your public servers.

Hope this helps
