Cisco Support Community
multiple subnet router to router through dsl

Hi there,

Here is my situation. I have two 1720 routers and my company wishes to route them to a single point of entry. Here is a simple graph:

Firewall
   |
   |
   |
1720A-------------------1720B

They wish to route 1720b through the firewall out to the internet.

Between 1720a and 1720b is a dedicated line using ADSL VPN mode by the ISP.

1720a's IP information
wan 10.17.1.253 255.255.255.0
lan 10.0.0.10 255.255.255.0
gw 10.17.1.254 255.255.255.0

1720b's IP information
wan 10.16.1.253 255.255.255.0
lan 192.168.1.10 255.255.255.0
gw 10.16.1.254 255.255.255.0

Firewall
lan 10.0.0.2
wan 61.219.234.xxx

Both 1720s are using NAT on all interfaces (WAN/LAN).

As you can probably guess, the subnet under 1720b is using 192.168.1.10 as its gateway. My problem is how do I route 1720b's subnet PCs to the internet through 1720a and then the firewall. Do I do IP ROUTE 10.16.1.0 255.255.255.0 10.0.0.2?

By the way, the 1720a is not used as a gateway to the outside; the firewall 10.0.0.2 is the one that is used as a gateway to the outer world. Its presence is purely as a source to connect two sites together.

Is policy routing and static IP direct the same thing? If not, is it possible for me to implement a route map to solve my problem?

Please help me. I am desperate. I have asked many people, but they are all clueless.

1 REPLY

Re: multiple subnet router to router through dsl

No, policy routing is not the same thing as static routing. This appears to be a very straightforward routing scenario, and static routes should be sufficient.

Based on your description, you want to have the default route on 1720A pointing to the firewall (ip route 0.0.0.0 0.0.0.0 10.0.0.2). That should allow users behind 1720B to get out.

Then you need to be sure that the 10.0.0.0/24 net (1720A LAN) can reach the 192.168.1.0/24 net (1720B LAN). On 1720A, use ip route 192.168.1.0 255.255.255.0 10.17.1.254 -- assuming that I understand your "ADSL VPN" connection setup properly.

How do the client systems on 10.0.0.0/24 currently reach 192.168.1.0/24? (Or do they even need to?) Does the firewall have a route to 192.168.1.0? Do the clients?

When you say "gw", I presume you mean a default route of the form ip route 0.0.0.0 0.0.0.0 something; correct?

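The route lookups the reply relies on, as an added example that is not part of the original thread: a longest-prefix-match lookup over 1720A's table (connected networks from the post plus the two static routes from the reply) and over the firewall's table, checking the return path the reply asks about. The firewall's default route, its 192.168.1.0/24 route via 10.0.0.10, the client address 192.168.1.50, the destination 203.0.113.7 and the absence of NAT on the routers are assumptions made for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop) of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route, packet would be dropped
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh

# 1720A: connected networks from the post, static routes from the reply.
R1720A = [
    ("10.0.0.0/24", "connected LAN"),
    ("10.17.1.0/24", "connected WAN"),
    ("0.0.0.0/0", "10.0.0.2"),          # ip route 0.0.0.0 0.0.0.0 10.0.0.2
    ("192.168.1.0/24", "10.17.1.254"),  # ip route 192.168.1.0 255.255.255.0 10.17.1.254
]

# Firewall table is an assumption: only its LAN address is given in the post.
FIREWALL_BEFORE = [
    ("10.0.0.0/24", "connected LAN"),
    ("0.0.0.0/0", "upstream (assumed)"),
]
# Hypothetical fix: send the remote LAN back to 1720A's LAN address.
FIREWALL_AFTER = FIREWALL_BEFORE + [("192.168.1.0/24", "10.0.0.10")]

def return_path_ok(fw_table, client="192.168.1.50"):
    """True when replies for a 1720B LAN client go firewall -> 1720A -> ADSL link."""
    hop = lookup(fw_table, client)
    if hop is None or hop[1] != "10.0.0.10":
        return False  # firewall would send the reply somewhere other than 1720A
    return lookup(R1720A, client)[1] == "10.17.1.254"

if __name__ == "__main__":
    print("1720A, internet-bound:", lookup(R1720A, "203.0.113.7"))
    print("1720A, to 1720B LAN:  ", lookup(R1720A, "192.168.1.50"))
    print("return path without firewall route:", return_path_ok(FIREWALL_BEFORE))
    print("return path with firewall route:   ", return_path_ok(FIREWALL_AFTER))
```

With NAT enabled on 1720A's LAN interface, as the original post describes, the firewall would see translated source addresses and the return-path result would differ.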