Trouble routing internet traffic through WAN


One of my network locations is losing their direct internet connection and I need to keep them up by routing all of their internet traffic to a second location that has internet connectivity. The two networks are connected via T1 lines.

The two Cisco routers are connected via their own network: (remote) and (local). The remote network is and the local network is

I modified the internet route from (local firewall) to (remote router), but all internet traffic stops at The remote router has a route for internet traffic directing it to the remote firewall, but for some reason it stops at the router.

What am I missing?

Jon Marshall Wed, 04/08/2009 - 12:03

Does the remote firewall have a route back to the source network?

Perhaps a quick schematic of the connectivity would help.


Giuseppe Larosa Wed, 04/08/2009 - 12:05

Hello Larry,

You need to provide return path routes on the site with internet access.

and you need to modify NAT rules to allow packets with source to be translated to access the internet.

Hope to help


Hello and thanks for the reply. There are return routes already in place between the network and network. For some reason, though, the packets just stop at the router network

Here are the routes from the config:

Local side...


ip classless
ip route
ip route
no ip http server


Remote side


ip classless
ip route
ip route
no ip http server


I know that the first config seems redundant with both routes going to, but I changed the internet route from going to the local firewall at and kept the second route while I troubleshoot. Once the packets got to on the remote end, I thought the remote route for internet traffic would send it to (the remote firewall), but it doesn't.

lamav Wed, 04/08/2009 - 15:04


Does the FW have a route back to the network?

Traffic originates on at the local router. The local router uses the default to get to the remote router. Then the remote router defaults to the FW.

The FW will PAT the traffic and forward out to the Internet.

The FW will receive return traffic destined for the PAT address and perform the translation to forward to the internal host that sits on

Does it know how to get back there?

SIDE NOTE: As a quick aside, I wonder if your FW is even forwarding the traffic out. It may only have a PAT overload statement that points to/calls an ACL that only includes the source network at the remote site and not the network at the local site, since the local site was designed to use its own Internet connection. Just a thought...

But even if the FW does successfully PAT traffic to a public IP, it will build that NAT translation - and on the return it will need to have a route back to the internal network.
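
Added example (not part of any post in this thread): a small Python model of the path discussed above that checks, in packet order, the forward default routes, whether the firewall's PAT ACL matches the new source network, and whether the firewall has an inside route back to it. All addresses, device names and function names are constructed for illustration, since the thread's real networks are not shown.

```python
import ipaddress as ip

# Constructed addressing: 10.1.0.0/24 = site that lost its link,
# 10.2.0.0/24 = site with the firewall. Not the poster's real networks.
def make_devices(fw_has_return_route):
    fw = {"0.0.0.0/0": "internet", "10.2.0.0/24": "connected"}
    if fw_has_return_route:
        fw["10.1.0.0/24"] = "remote_router"
    return {
        "local_router": {"0.0.0.0/0": "remote_router", "10.1.0.0/24": "connected"},
        "remote_router": {"0.0.0.0/0": "firewall", "10.1.0.0/24": "local_router",
                          "10.2.0.0/24": "connected"},
        "firewall": fw,
    }

def lookup(table, dst):
    """Longest-prefix match over a {prefix: next_hop} table."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(p), hop) for p, hop in table.items() if addr in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def walk(devices, start, target, stop):
    """Follow next hops toward target. None = reached stop; else the device that misroutes."""
    hop = start
    for _ in range(8):                      # hop limit guards against routing loops
        nxt = lookup(devices[hop], target)
        if nxt == stop:
            return None
        if nxt not in devices:              # e.g. reply sent back out to "internet"
            return hop
        hop = nxt
    return hop

def check_path(src, dst, devices, pat_acl):
    """Check the three things raised in the thread, in packet order."""
    bad = walk(devices, "local_router", dst, "firewall")
    if bad:
        return f"forward: {bad} does not route {dst} toward the firewall"
    if not any(ip.ip_address(src) in ip.ip_network(n) for n in pat_acl):
        return f"firewall: PAT ACL does not match source {src}"
    bad = walk(devices, "firewall", src, "connected")
    if bad:
        return f"return: {bad} has no inside route back to {src}"
    return "ok"

if __name__ == "__main__":
    both = ["10.2.0.0/24", "10.1.0.0/24"]
    for route, acl in [(False, ["10.2.0.0/24"]), (False, both), (True, both)]:
        print(check_path("10.1.0.5", "203.0.113.10", make_devices(route), acl))
```
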



