Can anybody advise me please? We're trying to set up a permanent point-to-point link for VOIP traffic between two offices.
We are unable to communicate from LAN on SA520 (#1) to LAN on SA520(#2),
yet we can ping to the distant WAN ports from PCs on either LAN end OK.
Not sure if we have a gateway, routing or setting issue - or if we are meant to setup some dedicated VPN link.
We're using a pair of PCs and PING to test the connection on the bench with cross over cables on the WAN port to simplify.
Office ONE has a SA520 we want to link to Office TWO using another SA520, via a point-to-point dedicated BDSL WAN service.
The cross over cable linking the two WAN ports is trying to simulate that target BDSL WAN service during testing.
The ISP provider for the BDSL advises that the IP mask for the target usage of the BDSL line needs to be 255.255.255.252.
So we've set that as the mask on the WAN port of each router.
We're testing the setup using a cross-over cable between the two WAN ports of the TWO SA520, with a test PC on each respective LAN.
Fresh out of the box, we've then made the following changes using the web-based interface:
1. We've unticked the block ICMP and unticked the blocking of PINGs for WAN under: Firewall-> Attacks.
2. We're trying to set Office #1 on subnet: 192.168.110.x (with 110.1 as the SA520 (#1) LAN IP) mask: 255.255.255.0
and Office #2 on subnet 192.168.112.x (with 112.1 as the SA520 (#2) LAN IP) mask: 255.255.255.0
3. We are using a cross over cable to test the WAN between the two Cisco routers, with
Office #1 WAN 192.168.102.1 mask: 255.255.255.252 gateway: 192.168.102.2 (pointing towards Office #2 WAN)
Office #2 WAN 192.168.102.2 mask: 255.255.255.252 gateway: 192.168.102.1 (pointing back to Office #1 WAN)
4. We have turned NAT OFF.
5. We don't believe we need any static routes, because the two OFFICE SUBNETS should be reachable using the above GATEWAYS.
6. We have turned on DHCP on both ends, with Office #1 providing dhcp to 192.168.110.11 thru .254
and Office #2 providing dhcp to 192.168.112.11 thru .254
7. When we connect test PC1 to Office #1 LAN port, we successfully get IP: 192.168.110.11
8. and a second test PC2 at Office #2 LAN port, get IP: 192.168.112.11
9. We can sit on PC1 and successfully ping (from 192.168.110.11) to 192.168.102.1 and 192.168.102.2
**** BUT we cannot ping to the distant Cisco 192.168.112.1 or the PC2 connected there on 192.168.112.11
10. We can do the exact opposite sitting on PC2 (from 192.168.112.11) to 192.168.102.2 and 192.168.102.1
**** BUT we cannot ping to the distant Cisco 192.168.110.1 or the PC1 connected there on 192.168.110.11
What setting have we overlooked?
Do we have to apply any firewall rules? (we assume NO rules means 100% permitted access)
Do we have to enable rules to permit ICMP packets to each LAN?
Is the MASK wrong on the WAN?
Do we need to set the DNS? (we're only using IPs)... There is no web traffic involved.
Are we meant to create some sort of VPN - or can we simply rely on gateways to route the packets?
Don't forget to mark Julio's post as the one that answered your question.
Cisco Community Manager
Small Business Support
You were almost there.
The first thing needed is to make sure Classical Routing is enabled and not NAT. Next you have to create firewall rules to allow all traffic to and from each network to go through. Please see attached screen shots for sample changes. There is no need to use VPN in your configuration.
Hope this helps you on your way,
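
The symptom in the question (far WAN port answers, far LAN does not) is what you see when routing works but the far router drops traffic crossing from its WAN zone to its LAN zone. The Python sketch below is an added example, not part of the thread or of Cisco's configuration: it uses the addresses from the question, and its zone model (WAN-to-LAN dropped unless a rule allows it, router WAN address answering ping) is an assumption.

```python
import ipaddress as ip

# Addresses are the ones given in the question. The zone firewall model
# (WAN->LAN blocked unless a rule allows it) is an assumption of this sketch.
ROUTERS = {
    "SA520-1": {"lan": ip.ip_interface("192.168.110.1/24"),
                "wan": ip.ip_interface("192.168.102.1/30"),
                "gw": ip.ip_address("192.168.102.2")},
    "SA520-2": {"lan": ip.ip_interface("192.168.112.1/24"),
                "wan": ip.ip_interface("192.168.102.2/30"),
                "gw": ip.ip_address("192.168.102.1")},
}

def egress(name, dst):
    """Connected networks win; everything else goes to the default gateway."""
    r = ROUTERS[name]
    for zone in ("lan", "wan"):
        if dst in r[zone].network:
            return zone, dst
    return "wan", r["gw"]

def trace(src, dst, allow_wan_to_lan=False):
    """Follow one packet hop by hop; return (delivered, path)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    here = next(n for n, r in ROUTERS.items() if src in r["lan"].network)
    in_zone, path = "lan", []
    for _ in range(4):  # hop limit, stands in for TTL
        r = ROUTERS[here]
        out_zone, next_hop = egress(here, dst)
        path.append(f"{here} {in_zone}->{out_zone}")
        if (in_zone, out_zone) == ("wan", "lan") and not allow_wan_to_lan:
            return False, path + ["dropped: no WAN->LAN allow rule"]
        if out_zone == "lan" or dst == r["wan"].ip:
            return True, path  # connected LAN host or the router itself
        peer = [n for n, p in ROUTERS.items() if p["wan"].ip == next_hop and n != here]
        if not peer:
            return False, path + ["no next hop"]
        here, in_zone = peer[0], "wan"
    return False, path + ["hop limit exceeded"]

if __name__ == "__main__":
    for target in ("192.168.102.2", "192.168.112.1", "192.168.112.11"):
        for rule in (False, True):
            ok, path = trace("192.168.110.11", target, allow_wan_to_lan=rule)
            print(f"{target:15} rule={rule!s:5} delivered={ok}  {' | '.join(path)}")
```

The last test case in the model also shows a side effect of pointing each router's default gateway at the other: a destination outside all three subnets bounces between the two WAN ports until the hop limit expires.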