10-31-2002 09:22 AM - edited 03-02-2019 02:32 AM
I am having problems getting the remote network access to the Interent using the DSL from the Host network.
Here are the IP addresses and network layout
Host:
Eth: 192.168.1.2
Serial: 192.168.0.1
Remote:
Eth: 192.168.2.1
Serial: 192.168.0.2
There is a SonicWall firewall on the Host side providing NAT to the Internet
Firewall IP Eth: 192.168.1.1
I can communicate between both networks, but cannot access the Internet from the Remote location. I know it's a routing statement that I'm missing. Can anyone assist?
Greatly appreciated..
CF
10-31-2002 09:27 AM
I didnt quiet understand your network structure.
What is the host ?? Is it a PC ??
host (192.168.1.2)-----firewall----router 192.168.0.1....Internet...192.168.0.2--remote--192.168.2.1\
Is this the network topology?
10-31-2002 09:38 AM
I was not clear. Sorry.
"Host","Remote" are location of the 1720 and the IP's are the addresses on the router
The Firewall is on the Host side of the network.
HOST Router:
E0: 192.168.1.2/24
S0: 192.168.0.1/30
REMOTE Router:
E0: 192.168.2.1/24
S0: 192.168.0.2/24
Firewall Lan Port: 192.168.1.1/24
I did not give Node IP's
Thnx
CF
10-31-2002 09:52 AM
I assume your DSL connection to the internet is on the Host side lan.
internet---dsl----(dsl modem/router)...firewall....1720----s0-----s0---1720
(host) (remote)
Arent you using a public IP to nat your packets going out to internet ??
10-31-2002 09:57 AM
The network you described is correct.
The Firewall has a public address on the WAN side. I did not set up the firewall, and do not have the Internet Public Address.
10-31-2002 09:59 AM
check to see if the firewall configs are correct. The firewall wan side should have a default gateway configured, which could be your ISP router end. Check if you can ping from the firewall to the ISP. If thats working fine, check if you can ping an ip address in the internet. IF that also works fine, then the problem could be with the configuration of the firewall.
10-31-2002 10:14 AM
The HOST or Local network has no problem accessing the Internet.
I have default routing statements in both point-point routers
0.0.0.0 0.0.0.0 serial0
Not sure what other statements I would need to allow the Remote Lan access to the Internet
10-31-2002 10:18 AM
Have you put ip classless on the routers ?
10-31-2002 10:32 AM
Yes. It is displayed just above the defauld IP route statement.
Can you give me some recommendation of correct routing statements for this network?
10-31-2002 10:36 AM
What is the configuration of the firewall ?? Any packet arriving on the inside lan interface, will be NATed or you have to set filters, (like accesslists) to permit which ip addresses (private ip addresses) are to be NATed ? Have you permitted the lan for the REMOTE site, on the firewall to be NATed ?
Is there any access-lists or any other configs, on each router, which might be blocking your traffic ?
Please paste configs of your 1720 for further analysis.
10-31-2002 10:38 AM
Can you ping from remote lan, the ip address of the outside interface of the firewall.
10-31-2002 10:45 AM
Host Router:
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Flushing
!
enable password cf9058
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface FastEthernet 0
no shutdown
description connected to Flushing_Lan
ip address 192.168.1.2 255.255.255.0
keepalive 10
!
interface Serial 0
no shutdown
description connected to Bayside
service-module t1 clock source line
service-module t1 data-coding normal
service-module t1 remote-loopback full
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 lbo none
service-module t1 remote-alarm-enable
ip address 192.168.0.1 255.255.255.252
encapsulation hdlc
!
router rip
version 2
network 192.168.1.0
network 192.168.0.0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0 1
no ip http server
snmp-server community public RO
snmp-server location 25-39 Parsons Blvd
snmp-server contact CF Data Systems,631-399-2154,craig@wallstreetdata.com
!
line console 0
exec-timeout 0 0
password cf9058
login
!
line vty 0 4
password cf9058
login
!
end
Remote Router:
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Bayside
!
enable password CF9058
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface FastEthernet 0
no shutdown
description connected to Bayside_Lan
ip address 192.168.2.1 255.255.255.0
keepalive 10
!
interface Serial 0
no shutdown
description connected to Flushing
service-module t1 clock source line
service-module t1 data-coding normal
service-module t1 remote-loopback full
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 lbo none
service-module t1 remote-alarm-enable
ip address 192.168.0.2 255.255.255.252
encapsulation hdlc
!
router rip
version 2
network 192.168.2.0
network 192.168.0.0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0 1
no ip http server
snmp-server community public RO
snmp-server location 35-15 Francis Lewis Blvd
snmp-server contact CF Data Systems,631-399-2154,631-399-2154
!
line console 0
exec-timeout 0 0
password CF9058
login
!
line vty 0 4
password CF9058
login
!
end
10-31-2002 10:51 AM
What you need to do is remove default route on both routers pointing to each other, because you are already running RIP. So no need for default route on both of them.
On the Host 1720 you need to add a default route, pointing to the firewall inside interface.
This will work.
10-31-2002 11:03 AM
When I remove the default route, I nolonger have access to the remote router or network.
10-31-2002 11:11 AM
How does your routing table look like. Dont you have a route via RIP (version 2) on each router pointing to the LAN networks ????
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: