Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

trouble configuring pair of SA520 over point-to-point WAN to link two offices for VOIP

Can anybody advise me please?  we;re trying to setup a permanent point-to-point link for VOIP traffic between two offices.

We are unable to communicate from LAN on SA520 (#1) to LAN on SA520(#2),

yet we can ping to the distant WAN ports from PC's on either LAN end OK.

Not sure if we have a gateway, routing or setting issue - or if we are meant to setup some dedicated VPN link.

We're using a pair of PC's and PING to test the connection on the bench with cross over cables on the WAN port to simplify.

Office ONE has a SA520 we want to link to Office TWO using another SA520, via a point-to-point dedicated BDSL WAN service.

The cross over cable linking the two WAN ports, is trying to simulate that target BDSL WAN service during testing.

The ISP provider for the BDSL advises that the IP mask for the target usage of the BDSL line needs to be 255.255.255.252.

So we've set that as the mask on the WAN port of each router.

We're testing the setup using a cross-over cable wbetween the two WAN ports of the TWO SA520, with a test PC on each respective LAN.

Fresh out of the box, we've then made the following changes using the web-based interface:

1.  We've unticked the block ICMP and unticked the blocking of PINGs for WAN under:  Firewall-> Attacks.

2.  We're trying to set Office #1 on subnet:  192.168.110.x    (with 110.1 as the SA520 (#1)  LAN IP) mask:  255.255.255.0

     and Office #2  on subnet                       192.168.112.x    (with 112.1 as the SA520 (#2)  LAN IP) mask:  255.255.255.0

3.  We are using a cross over cable to test the WAN between the two Cisco routers, with

     Office #1 WAN           192.168.102.1    mask:  255.255.255.252 gateway: 192.168.102.2 (pointing towards Office #2 WAN)

     Office #2 WAN           192.168.102.2    mask:  255.255.255.252 gateway: 192.168.102.1 (pointing back to Office #1 WAN)

4.  We have turned NAT OFF.

5.  We don't beleive we need any static routes, because the two OFFICE SUBNETS should be reachable using the above GATEWAYS.

6.  We have turned on DHCP on both ends, with Office #1 providing dhcp to       192.168.110.11 thru .254

                                                               and  Office #2 providing dhcp to       192.168.112.11 thru .254

7.  When we connect test PC1   to Office #1 LAN port,  we successfully get IP: 192.168.110.11

8.  and a second test PC2          at Office #2 LAN port,                         get IP: 192.168.112.11

9.  We can sit on PC1 and successfully ping (from 192.168.110.11)  to             192.168.102.1  and    192.168.102.2

      ****   BUT we cannot ping to the distant Cisco 192.168.112.1  or the PC2 connected there on       192.168.112.11

10. We can do the exact opposite sitting on PC2 (from 192.168.112.11)         to   192.168.102.2  and 192.168.102.1

      ****   BUT we cannot ping to the distant Cisco        192.168.110.1 or the PC1 connected there on 192.168.110.11

What setting have we overlooked?

Do we have to apply any firewall rules?  ( we assume NO rules means 100% permitted access)

Do we have to enable rules to permit ICMP packets to each LAN?

Is the MASK wrong on the WAN?

Do we need to set the DNS?  (we're only using IP's).... There is no web traffic involved.

Are we meant to create some sort of VPN - or can we simply rely on gateways to route the packets?

Gary

Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: trouble configuring pair of SA520 over point-to-point WAN to

Hi Gary,

You were almost there.

The first thing needed is to make sure Classical Routing is enabled and not NAT.  Next you have to create firewall rules to allow all traffic to and from each network be allowed to go through.  Please see attached screen shots for sample changes.  There is no need to use VPN in your configuration.

Hope this helps you on your way,

Julio

Silver

Re: trouble configuring pair of SA520 over point-to-point WAN to

Hi Gary,

Don't forget to mark Julio's post as the one that answered your question.

Thanks,

Cindy Toy

Cisco Community Manager

Small Business Support

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!
3 REPLIES
Cisco Employee

Re: trouble configuring pair of SA520 over point-to-point WAN to

Hi Gary,

You were almost there.

The first thing needed is to make sure Classical Routing is enabled and not NAT.  Next you have to create firewall rules to allow all traffic to and from each network be allowed to go through.  Please see attached screen shots for sample changes.  There is no need to use VPN in your configuration.

Hope this helps you on your way,

Julio

New Member

Re: trouble configuring pair of SA520 over point-to-point WAN to

Thanks Julio.

Great help, thankyou.   Yes, I had to put it into Classical router, and forget all  about VPN, and then add two rules in the firewall to permit traffic to flow from LAN to WAN, and from  WAN to LAN.   Both SA520's now running back-to-back with ping tests OK!

Good to have help from the Forum like this,  much appreciated.

DELCARED:  **FIXED**

Cheers

Silver

Re: trouble configuring pair of SA520 over point-to-point WAN to

Hi Gary,

Don't forget to mark Julio's post as the one that answered your question.

Thanks,

Cindy Toy

Cisco Community Manager

Small Business Support

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!
1730
Views
0
Helpful
3
Replies
CreatePlease to create content