I was not clear. Sorry.

"Host","Remote" are location of the 1720 and the IP's are the addresses on the router

The Firewall is on the Host side of the network.

HOST Router:

E0: 192.168.1.2/24

S0: 192.168.0.1/30

REMOTE Router:

E0: 192.168.2.1/24

S0: 192.168.0.2/24

Firewall Lan Port: 192.168.1.1/24

I did not give Node IP's

Thnx

CF

I assume your DSL connection to the internet is on the Host side lan.

internet---dsl----(dsl modem/router)...firewall....1720----s0-----s0---1720

(host) (remote)

Arent you using a public IP to nat your packets going out to internet ??

The network you described is correct.

The Firewall has a public address on the WAN side. I did not set up the firewall, and do not have the Internet Public Address.

check to see if the firewall configs are correct. The firewall wan side should have a default gateway configured, which could be your ISP router end. Check if you can ping from the firewall to the ISP. If thats working fine, check if you can ping an ip address in the internet. IF that also works fine, then the problem could be with the configuration of the firewall.

The HOST or Local network has no problem accessing the Internet.

I have default routing statements in both point-point routers

0.0.0.0 0.0.0.0 serial0

Not sure what other statements I would need to allow the Remote Lan access to the Internet

Have you put ip classless on the routers ?

Yes. It is displayed just above the defauld IP route statement.

Can you give me some recommendation of correct routing statements for this network?

What is the configuration of the firewall ?? Any packet arriving on the inside lan interface, will be NATed or you have to set filters, (like accesslists) to permit which ip addresses (private ip addresses) are to be NATed ? Have you permitted the lan for the REMOTE site, on the firewall to be NATed ?

Is there any access-lists or any other configs, on each router, which might be blocking your traffic ?

Please paste configs of your 1720 for further analysis.

Can you ping from remote lan, the ip address of the outside interface of the firewall.

Host Router:

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname Flushing

!

enable password cf9058

!

no ip name-server

!

ip subnet-zero

no ip domain-lookup

ip routing

!

interface FastEthernet 0

no shutdown

description connected to Flushing_Lan

ip address 192.168.1.2 255.255.255.0

keepalive 10

!

interface Serial 0

no shutdown

description connected to Bayside

service-module t1 clock source line

service-module t1 data-coding normal

service-module t1 remote-loopback full

service-module t1 framing esf

service-module t1 linecode b8zs

service-module t1 lbo none

service-module t1 remote-alarm-enable

ip address 192.168.0.1 255.255.255.252

encapsulation hdlc

!

router rip

version 2

network 192.168.1.0

network 192.168.0.0

no auto-summary

!

!

ip classless

!

! IP Static Routes

ip route 0.0.0.0 0.0.0.0 Serial 0 1

no ip http server

snmp-server community public RO

snmp-server location 25-39 Parsons Blvd

snmp-server contact CF Data Systems,631-399-2154,craig@wallstreetdata.com

!

line console 0

exec-timeout 0 0

password cf9058

login

!

line vty 0 4

password cf9058

login

!

end

Remote Router:

!

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname Bayside

!

enable password CF9058

!

no ip name-server

!

ip subnet-zero

no ip domain-lookup

ip routing

!

interface FastEthernet 0

no shutdown

description connected to Bayside_Lan

ip address 192.168.2.1 255.255.255.0

keepalive 10

!

interface Serial 0

no shutdown

description connected to Flushing

service-module t1 clock source line

service-module t1 data-coding normal

service-module t1 remote-loopback full

service-module t1 framing esf

service-module t1 linecode b8zs

service-module t1 lbo none

service-module t1 remote-alarm-enable

ip address 192.168.0.2 255.255.255.252

encapsulation hdlc

!

router rip

version 2

network 192.168.2.0

network 192.168.0.0

no auto-summary

!

!

ip classless

!

! IP Static Routes

ip route 0.0.0.0 0.0.0.0 Serial 0 1

no ip http server

snmp-server community public RO

snmp-server location 35-15 Francis Lewis Blvd

snmp-server contact CF Data Systems,631-399-2154,631-399-2154

!

line console 0

exec-timeout 0 0

password CF9058

login

!

line vty 0 4

password CF9058

login

!

end

What you need to do is remove default route on both routers pointing to each other, because you are already running RIP. So no need for default route on both of them.

On the Host 1720 you need to add a default route, pointing to the firewall inside interface.

This will work.

When I remove the default route, I nolonger have access to the remote router or network.

How does your routing table look like. Dont you have a route via RIP (version 2) on each router pointing to the LAN networks ????