03-17-2003 12:16 PM - edited 03-02-2019 05:56 AM
I have just brought up additional sites that connect to my main site where my Internet router (Cisco 2611) and PIX 506e reside. The new sites connect to the main site via a Cisco 1760. Everything at the main site uses the PIX address as the default gateway. I need to give these new sites access to the main site and the Internet via my existing router and firewall and allow access to those sites from the main site. What is the best way to do this? What configuration changes need to be made to the router(s)?
Thanks,
Mark
03-18-2003 12:02 AM
Hi Mark
What is your routing strategy in your network?
Do you work with static routing?
Or do you have a routing protocol in place? Which one?
Ciao
Roger
03-18-2003 05:59 AM
Hi Roger,
Thanks for replying. I'm using EIGRP on all the routers. I think that I solved my problem but I'd still like your input. I added 'ip route 0.0.0.0 0.0.0.0 {Internet router ip address}' to the 1760 and changed my default gateway at the main site to the address of the 1760. After doing that I can get to all the other sites from the main site and still access the Internet from the main site as well. I'll be testing from the remote sites later today. My only concern now is that everything hits the 1760 before it gets routed to the 2611. Is there a better way of doing this?
Thanks,
Mark
03-18-2003 06:26 AM
Hi Mark
You could change the default gateway again to the 2611 and implement a static route for the remote sites on the 2611 which points to the 1760. As I understand, the 1760 and the 2611 are on the same subnet? So this way it would hit the 2611 first.
But I think the 1760 should be able to handle this, especially if you enable "ip redirect". This tells the host to use a different gateway.
Roger
03-18-2003 06:42 AM
Hi Roger,
Both routers are on the same subnet. If I change the gateway back to the 2611 all my traffic will get sent through my PIX 506e. I have very little experience with the PIX and I'm not sure how/if that would affect things. I've never used the "ip redirect" command so I'll check that out and give it a try. I really appreciate your help.
Thanks,
Mark
03-18-2003 06:49 AM
Hi Mark
Usually the ip redirect is enabled by default. You can verify it with the command "sh ip int eth0/0".
2611#sh ip int eth 0/1
Ethernet0/1 is up, line protocol is up
Internet address is 194.22.13.188/26
Broadcast address is 255.255.255.255
determined by nolatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is enabled
IP CEF switching is enabled
IP CEF Flow Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, Flow, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
WCCP Redirect outbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled
So just leave the setup as you have it now.
Roger
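Added example, not part of the thread or written by its participants: a Python sketch that parses saved "show ip interface" output and reports, per interface, whether ICMP redirects are sent and whether proxy ARP is on, so the check described above can be repeated across many interfaces when reviewing a shared segment. The sample text is constructed: the first interface reuses lines from the output above, the second interface and its address are made up, and the function names are hypothetical.

```python
import re

# Constructed sample: Ethernet0/1 copies lines from the output in the thread,
# Ethernet0/0 is invented to show the opposite state.
SAMPLE = """\
Ethernet0/1 is up, line protocol is up
  Internet address is 194.22.13.188/26
  Proxy ARP is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
Ethernet0/0 is up, line protocol is up
  Internet address is 192.0.2.1/24
  Proxy ARP is disabled
  ICMP redirects are never sent
  ICMP unreachables are always sent
"""

HEADER = re.compile(r"^(\S+) is (?:administratively )?(?:up|down), line protocol is")
REDIRECT = re.compile(r"^\s*ICMP redirects are (always|never) sent")
PROXY_ARP = re.compile(r"^\s*Proxy ARP is (enabled|disabled)")


def parse_show_ip_interface(text):
    """Return {interface: {"redirects": bool|None, "proxy_arp": bool|None}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = result.setdefault(m.group(1), {"redirects": None, "proxy_arp": None})
            continue
        if current is None:
            continue  # prompt line or other text before the first interface
        m = REDIRECT.match(line)
        if m:
            current["redirects"] = m.group(1) == "always"
        m = PROXY_ARP.match(line)
        if m:
            current["proxy_arp"] = m.group(1) == "enabled"
    return result


def interfaces_sending_redirects(text):
    """Names of interfaces whose output says ICMP redirects are sent."""
    return sorted(n for n, s in parse_show_ip_interface(text).items() if s["redirects"])


if __name__ == "__main__":
    for name, state in parse_show_ip_interface(SAMPLE).items():
        print(name, state)
```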