Router configuration assistance request

NWMSurgCtr · ‎09-19-2005

Any assistance would be GREATLY appreciated.

I have been tasked with providing support for two previously configured Cisco routers that connect two buildings Point to point T-1), that is all. Internet services are provided via a completely seperate circuit. The router were previously configured using EIGRP and bridge groups to pass IPX traffic. Unfortunately, I have now implemented a Windows server and cannot ping past either router and I am not sure if these routers are even configured correctly. I have experience configuring internet access routers and ACL however, never a point to point.

The two configs are below. As I said, any help would be greatly appreciated.

Building A (1601)

version 11.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service udp-small-servers

service tcp-small-servers

!

hostname Building1

!

enable secret ******

enable password *****

!

ip subnet-zero

!

interface Ethernet0

ip address 10.200.1.2 255.255.255.0

no ip directed-broadcast

bridge-group 1

!

interface Serial0

no ip address

shutdown

!

interface Serial1

ip address 10.200.254.1 255.255.255.0

bridge-group 1

!

router eigrp 101

network 10.0.0.0

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.200.1.1

ip http server

!

bridge 1 protocol ieee

!

line con 0

line vty 0 4

password *****

login

!

end

Building B (1721)

Current configuration : 707 bytes

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service udp-small-servers

service tcp-small-servers

!

hostname Building2

!

enable password ******

!

ip subnet-zero

!

interface FastEthernet0

ip address 10.200.2.1 255.255.255.0

speed auto

bridge-group 1

!

interface Serial0

ip address 10.200.254.2 255.255.255.0

bridge-group 1

!

router eigrp 101

network 10.0.0.0

no auto-summary

!

ip classless

ip default-network 0.0.0.0

ip route 0.0.0.0 0.0.0.0 10.200.1.1

ip route 10.0.0.0 255.0.0.0 10.200.1.0

ip route 10.200.1.0 255.255.255.0 10.200.254.1

ip http server

!

bridge 1 protocol ieee

!

line con 0

line aux 0

line vty 0 4

login

!

end

Richard Burts · ‎09-19-2005

I have looked at your configs and while there are a few things that I wonder about and think that perhaps they could be optimized, I believe that fundamentally both router configs should work. I do not see anything in the router configs that should produce the symptoms that you describe.

I suspect that the problem may be in the configuration of the Windows server. You have not told us much about the server. It would help to know in which building the server is located. It would be important to know what IP address is configured on the server. And it would be most important to know what default gateway is configured on the server.

My guess at the problem based on your description is that the default gateway configured on the server is not the router on the local subnet. Or perhaps the address configured in not recognized by the router as local.

HTH

Rick

HTH

Rick

NWMSurgCtr · ‎09-20-2005

Thanks for your reply Rick!

The Windows server IP is 10.200.1.4 and its gateway is 10.200.1.1 which is the firewall device.

BTW - Internet services are provided via a differnet circuit connected to the firewall device.

I have attached a document to hopefully explain things better.

Thanks again!

Richard Burts · ‎09-20-2005

Thanks for sending the additional information. It does help clarify some things.

It sounds to me like the configuration of the Windows server is pretty simple: it probably has an interface address, an interface mask, and a default gateway which points to the firewall. It probably has no other routes defined. So it can communicate with anything on the local subnet and anything with a destination not on the local subnet is forwarded to the default gateway (the firewall).

I am not sure why the firewall does not forward packets to the other routers or to addresses in BldgB. Perhaps there is a policy that does not allow this forwarding. Your drawing suggests that there are other workstations in BldgA. Are they able to communicate with BldgB? If so is their default gateway set to be the firewall or to be the router? (I am guessing that if they can communicate with BldgB that their default gateway is the router.)

I believe that one solution would be to configure the Windows server with its default gateway to be the router interface. You may also be able to make some change on the firewall to permit forwarding the packets.

HTH

Rick

HTH

Rick

chris.aguilar · ‎09-20-2005

Hello,

After looking at your network diagram, there are few things that you need to change on your configurations.

1. Firewalls don't forward packets to the same segment after receiving it just as a router does. You need to change the Windows server default gateway to the router's IP address. Since your router has a default route to the firewall for internet access, your server will still be able to access the Internet via the router.

2. You don't need the static routes configured on the Bldg 2 router since you are running EIGRP routing protocol. EIGRP automatically redistributes default routes to its routing table so you should be able to see the route to the Internet in Bldg 2 router via EIGRP.

3. If you're using the Bldg A server as a domain server, you need to add an 'ip helper-address 10.200.1.4' on the FastEthernet of Bldg 2 router to forward WINS request to the server.

Hope this helps.

Cheers,

Chris