Cisco Support Community
New Member

Routing Between point-point with DSL Internet on one side.

I am having problems getting the remote network access to the Internet using the DSL from the Host network.

Here are the IP addresses and network layout

Host:

Eth: 192.168.1.2

Serial: 192.168.0.1

Remote:

Eth: 192.168.2.1

Serial: 192.168.0.2

There is a SonicWall firewall on the Host side providing NAT to the Internet

Firewall IP Eth: 192.168.1.1

I can communicate between both networks, but cannot access the Internet from the Remote location. I know it's a routing statement that I'm missing. Can anyone assist?

Greatly appreciated..

CF

22 REPLIES

Re: Routing Between point-point with DSL Internet on one side.

I didn't quite understand your network structure.

What is the host? Is it a PC?

host (192.168.1.2)-----firewall----router 192.168.0.1....Internet...192.168.0.2--remote--192.168.2.1

Is this the network topology?

New Member

Re: Routing Between point-point with DSL Internet on one side.

I was not clear. Sorry.

"Host" and "Remote" are the locations of the 1720s, and the IPs are the addresses on the routers.

The Firewall is on the Host side of the network.

HOST Router:

E0: 192.168.1.2/24

S0: 192.168.0.1/30

REMOTE Router:

E0: 192.168.2.1/24

S0: 192.168.0.2/24

Firewall Lan Port: 192.168.1.1/24

I did not give node IPs.

Thanks

CF

Re: Routing Between point-point with DSL Internet on one side.

I assume your DSL connection to the internet is on the Host side lan.

internet---dsl----(dsl modem/router)...firewall....1720----s0-----s0---1720

(host) (remote)

Aren't you using a public IP to NAT your packets going out to the Internet?

New Member

Re: Routing Between point-point with DSL Internet on one side.

The network you described is correct.

The Firewall has a public address on the WAN side. I did not set up the firewall, and do not have the Internet Public Address.

Re: Routing Between point-point with DSL Internet on one side.

Check to see if the firewall configs are correct. The firewall WAN side should have a default gateway configured, which could be your ISP router end. Check if you can ping from the firewall to the ISP. If that's working fine, check if you can ping an IP address on the Internet. If that also works fine, then the problem could be with the configuration of the firewall.

New Member

Re: Routing Between point-point with DSL Internet on one side.

The HOST or Local network has no problem accessing the Internet.

I have default routing statements in both point-point routers

0.0.0.0 0.0.0.0 serial0

Not sure what other statements I would need to allow the Remote Lan access to the Internet

Re: Routing Between point-point with DSL Internet on one side.

Have you put ip classless on the routers ?

New Member

Re: Routing Between point-point with DSL Internet on one side.

Yes. It is displayed just above the default IP route statement.

Can you give me some recommendation of correct routing statements for this network?

Re: Routing Between point-point with DSL Internet on one side.

What is the configuration of the firewall? Will any packet arriving on the inside LAN interface be NATed, or do you have to set filters (like access lists) to permit which IP addresses (private IP addresses) are to be NATed? Have you permitted the LAN for the REMOTE site to be NATed on the firewall?

Are there any access lists or any other configs on each router which might be blocking your traffic?

Please paste configs of your 1720 for further analysis.

Re: Routing Between point-point with DSL Internet on one side.

Can you ping the IP address of the outside interface of the firewall from the remote LAN?

New Member

Re: Routing Between point-point with DSL Internet on one side.

Host Router:

    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    no service tcp-small-servers
    no service udp-small-servers
    !
    hostname Flushing
    !
    enable password cf9058
    !
    no ip name-server
    !
    ip subnet-zero
    no ip domain-lookup
    ip routing
    !
    interface FastEthernet 0
     no shutdown
     description connected to Flushing_Lan
     ip address 192.168.1.2 255.255.255.0
     keepalive 10
    !
    interface Serial 0
     no shutdown
     description connected to Bayside
     service-module t1 clock source line
     service-module t1 data-coding normal
     service-module t1 remote-loopback full
     service-module t1 framing esf
     service-module t1 linecode b8zs
     service-module t1 lbo none
     service-module t1 remote-alarm-enable
     ip address 192.168.0.1 255.255.255.252
     encapsulation hdlc
    !
    router rip
     version 2
     network 192.168.1.0
     network 192.168.0.0
     no auto-summary
    !
    !
    ip classless
    !
    ! IP Static Routes
    ip route 0.0.0.0 0.0.0.0 Serial 0 1
    no ip http server
    snmp-server community public RO
    snmp-server location 25-39 Parsons Blvd
    snmp-server contact CF Data Systems,631-399-2154,craig@wallstreetdata.com
    !
    line console 0
     exec-timeout 0 0
     password cf9058
     login
    !
    line vty 0 4
     password cf9058
     login
    !
    end

Remote Router:

    !
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    no service tcp-small-servers
    no service udp-small-servers
    !
    hostname Bayside
    !
    enable password CF9058
    !
    no ip name-server
    !
    ip subnet-zero
    no ip domain-lookup
    ip routing
    !
    interface FastEthernet 0
     no shutdown
     description connected to Bayside_Lan
     ip address 192.168.2.1 255.255.255.0
     keepalive 10
    !
    interface Serial 0
     no shutdown
     description connected to Flushing
     service-module t1 clock source line
     service-module t1 data-coding normal
     service-module t1 remote-loopback full
     service-module t1 framing esf
     service-module t1 linecode b8zs
     service-module t1 lbo none
     service-module t1 remote-alarm-enable
     ip address 192.168.0.2 255.255.255.252
     encapsulation hdlc
    !
    router rip
     version 2
     network 192.168.2.0
     network 192.168.0.0
     no auto-summary
    !
    !
    ip classless
    !
    ! IP Static Routes
    ip route 0.0.0.0 0.0.0.0 Serial 0 1
    no ip http server
    snmp-server community public RO
    snmp-server location 35-15 Francis Lewis Blvd
    snmp-server contact CF Data Systems,631-399-2154,631-399-2154
    !
    line console 0
     exec-timeout 0 0
     password CF9058
     login
    !
    line vty 0 4
     password CF9058
     login
    !
    end

Re: Routing Between point-point with DSL Internet on one side.

What you need to do is remove default route on both routers pointing to each other, because you are already running RIP. So no need for default route on both of them.

On the Host 1720 you need to add a default route, pointing to the firewall inside interface.

This will work.

New Member

Re: Routing Between point-point with DSL Internet on one side.

When I remove the default route, I no longer have access to the remote router or network.

Re: Routing Between point-point with DSL Internet on one side.

What does your routing table look like? Don't you have a route via RIP (version 2) on each router pointing to the LAN networks?

New Member

Re: Routing Between point-point with DSL Internet on one side.

I do have RIP as displayed in the configs I posted.

If I put the default route back in it works fine. 0.0.0.0 0.0.0.0 serial0

I think I'll call CISCO for assistance...

Re: Routing Between point-point with DSL Internet on one side.

Your packets from the remote site are not going to the Internet, because the HOST 1720 doesn't have a default route pointing to the inside interface of the firewall.

Please paste your routing table output (show ip route) for reference.

The default route on 1720 should really be pointing to the firewall

ip route 0.0.0.0 0.0.0.0 192.168.1.2 (firewall insideIP).

You don't really need the default route pointing to serial 0, as you are running RIP. I see that the subnet masks for the LAN and WAN segments are different (/24 and /30), but RIP version 2 won't have a problem advertising these routes across the WAN.

Paste your show ip route on both routers, for reference.

Re: Routing Between point-point with DSL Internet on one side.

Here you go, here is the final solution.

You need to just remove the default route on HOST router. The default route on the REMOTE should remain on the router.

Configs would look like this..

Host

ip route 0.0.0.0 0.0.0.0 192.168.1.2 (where 1.2 is the ip address of inside interface of firewall)

Remote

ip route 0.0.0.0 0.0.0.0 serial 0 1

Don't remove this route.

The above configs should work.

New Member

Re: Routing Between point-point with DSL Internet on one side.

I actually tried that solution a little while ago, and it still didn't work.

I'm bummed.

If traffic from the remote lan is sent out through the leased line to the firewall on the host side, it does not know where to return the packets to. I would assume the firewall needs to have a route somewhere.

Re: Routing Between point-point with DSL Internet on one side.

Firewall should know how to reach remote lan. For this you can just set default gateway on the firewall inside lan as the HOST 1720 router.

New Member

Re: Routing Between point-point with DSL Internet on one side.

Show Ip Route

Host Router:

    Gateway of Last Resort is 0.0.0.0 to network 0.0.0.0
    192.168.0.0/30 is subnetted, 1 subnet
    c 192.168.0.0 is directly connected, serial 0
    c 192.168.1.0/24 is directly connected, fast eth 0
    s* 0.0.0.0/0 is directly connected, serial 0

Remote Router:

    Gateway of Last Resort is 0.0.0.0 to network 0.0.0.0
    192.168.0.0/30 is subnetted, 1 subnet
    c 192.168.0.0 is directly connected, serial 0
    c 192.168.2.0/24 is directly connected, fast eth 0
    s* 0.0.0.0/0 is directly connected, serial 0

Re: Routing Between point-point with DSL Internet on one side.

Routing table looks fine...

You just need to remove default route on Host router and point the default route to the inside address of firewall.

On the remote router, the default route needs to be kept as it is.

New Member

Re: Routing Between point-point with DSL Internet on one side.

The default route is 0.0.0.0 0.0.0.0 192.168.1.1 (firewall)

I believe my problem is this:

The firewall needs to be physically attached to the 1720 LAN

DSL->Sonicwall->1720->LAN

In this scenario, I would need two Ethernet adapters in the 1720, one for the firewall, and one for the switch.

Thoughts??
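
Added example, not part of any post in this thread: a small longest-prefix-match model that traces a packet through the routing tables posted above and shows the two separate failures discussed (the host router's default route pointing back down the serial link, and the firewall having no return route to 192.168.2.0/24). The node names, the addresses 203.0.113.10 and 192.168.2.10, the firewall's table, and the host router's route to 192.168.2.0/24 (static or RIP-learned) are assumptions; the SonicWall configuration and its NAT policy never appear in the thread and are not modelled.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst):
    """Follow a packet hop by hop; return (path, outcome)."""
    path, node = [start], start
    while True:
        nh = next_hop(tables[node], dst)
        if nh is None:
            return path, "dropped"
        if nh in ("LAN", "ISP"):        # delivered locally / handed to the ISP
            return path, nh
        if nh in path:                  # packet bounces until its TTL expires
            return path + [nh], "loop"
        path.append(nh)
        node = nh

# Routers as in the posted "show ip route"; the firewall table is an assumption.
POSTED = {
    "remote": [("192.168.2.0/24", "LAN"), ("192.168.0.0/30", "host"),
               ("0.0.0.0/0", "host")],
    "host":   [("192.168.1.0/24", "LAN"), ("192.168.0.0/30", "remote"),
               ("0.0.0.0/0", "remote")],
    "fw":     [("192.168.1.0/24", "LAN"), ("0.0.0.0/0", "ISP")],
}
# Host default moved to the firewall (192.168.1.1) plus a route to the remote LAN.
HOST_FIXED = {**POSTED, "host": [
    ("192.168.1.0/24", "LAN"), ("192.168.0.0/30", "remote"),
    ("192.168.2.0/24", "remote"), ("0.0.0.0/0", "fw")]}
# Firewall additionally gets a static route to 192.168.2.0/24 via 192.168.1.2.
BOTH_FIXED = {**HOST_FIXED, "fw": POSTED["fw"] + [("192.168.2.0/24", "host")]}

INTERNET, REMOTE_PC = "203.0.113.10", "192.168.2.10"   # constructed addresses

if __name__ == "__main__":
    print(trace(POSTED, "remote", INTERNET))      # outbound with posted routes
    print(trace(HOST_FIXED, "remote", INTERNET))  # outbound after host change
    print(trace(HOST_FIXED, "fw", REMOTE_PC))     # reply, firewall unchanged
    print(trace(BOTH_FIXED, "fw", REMOTE_PC))     # reply with firewall route
```

With only the host router changed, the outbound packet reaches the ISP but the reply to 192.168.2.10 follows the firewall's own default route back out the WAN side, so the session still fails.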
