One of my network locations is losing their direct internet connection and I need to keep them up by routing all of their internet traffic to a second location that has internet connectivity. The two networks are connected via T1 lines.
The two Cisco routers are connected via their own network: 10.1.10.5 (remote) and 10.1.10.6 (local). The remote network is 10.1.1.0 and the local network is 10.1.2.0.
I modified the internet route from 0.0.0.0 0.0.0.0 10.1.2.6 (local firewall) to 10.1.10.5 (remote router), but all internet traffic stops at 10.1.10.5. The remote router has a route for internet traffic directing it to the remote firewall, but for some reason it stops at the router.
Hello and thanks for the reply. There are return routes already in place between the 10.1.1.0 network and 10.1.2.0 network. For some reason, though, the packets just stop at the router network 10.1.10.5.
Here are the routes from the config:
ip route 0.0.0.0 0.0.0.0 10.1.10.5
ip route 10.1.1.0 255.255.255.0 10.1.10.5
no ip http server

ip route 0.0.0.0 0.0.0.0 10.1.1.6
ip route 10.1.2.0 255.255.255.0 10.1.10.6
no ip http server
I know that the first config seems redundant with both routes going to 10.1.10.5, but I changed the internet route from going to the local firewall at 10.1.2.6 and kept the second route while I troubleshoot. Once the packets got to 10.1.10.5 on the remote end, I thought the remote route for internet traffic would send it to 10.1.1.6 (the remote firewall), but it doesn't.
Does the FW have a route back to the 10.1.2.0/24 network?
Traffic originates on 10.1.2.0 at the local router. The local router uses the default to get to the remote router. Then the remote router defaults to the FW.
The FW will PAT the traffic and forward out to the Internet.
The FW will receive return traffic destined for the PAT address and perform the translation to forward to the internal host that sits on 10.1.2.0.
Does it know how to get back there?
SIDE NOTE: As a quick aside, I wonder if your FW is even forwarding the traffic out. It may only have a PAT overload statement that points to/calls an ACL that only includes the source network at the remote site and not the network at the local site, since the local site was designed to use its own Internet connection. Just a thought...
But even if the FW does successfully PAT 10.1.2.0 traffic to a public IP, it will build that NAT translation - and on the return it will need to have a route back to the internal network.
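The return-route and PAT checks raised in the reply above, modelled as an added example that is not part of the thread: a hop-by-hop longest-prefix-match trace over each device's static routes. The router routes come from the posted config; the connected networks, the /30 on the T1 link, the firewall's route table and PAT ACL, the remote router's LAN address 10.1.1.1 and the host 10.1.2.50 are constructed assumptions.

```python
import ipaddress

# Router routes are from the thread. Connected networks, the /30 on the T1
# link, the firewall table, its PAT ACL and 10.1.1.1 are constructed assumptions.
ROUTES = {
    "local-router": [("0.0.0.0/0", "10.1.10.5"), ("10.1.1.0/24", "10.1.10.5"),
                     ("10.1.2.0/24", "connected"), ("10.1.10.4/30", "connected")],
    "remote-router": [("0.0.0.0/0", "10.1.1.6"), ("10.1.2.0/24", "10.1.10.6"),
                      ("10.1.1.0/24", "connected"), ("10.1.10.4/30", "connected")],
    "remote-fw": [("0.0.0.0/0", "internet"), ("10.1.1.0/24", "connected")],
}
OWNER = {"10.1.10.5": "remote-router", "10.1.10.6": "local-router",
         "10.1.1.6": "remote-fw", "10.1.1.1": "remote-router"}
PAT_ACL = ["10.1.1.0/24"]            # source networks the firewall translates
FIX_ROUTE = ("10.1.2.0/24", "10.1.1.1")  # return route via the remote router


def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def trace(routes, device, dst):
    """Follow next hops from device toward dst; return (path, outcome)."""
    path = []
    while device not in path:
        path.append(device)
        nh = lookup(routes[device], dst)
        if nh is None:
            return path, "no route"
        if nh in ("connected", "internet"):
            return path, nh
        device = OWNER[nh]
    return path, "loop"


def pat_covers(acl, src):
    """True if the source address matches a network in the PAT ACL."""
    return any(ipaddress.ip_address(src) in ipaddress.ip_network(n) for n in acl)


if __name__ == "__main__":
    host = "10.1.2.50"               # constructed host on the local LAN
    print("outbound:", trace(ROUTES, "local-router", "203.0.113.10"))
    print("return  :", trace(ROUTES, "remote-fw", host), pat_covers(PAT_ACL, host))
    fixed = {**ROUTES, "remote-fw": ROUTES["remote-fw"] + [FIX_ROUTE]}
    print("fixed   :", trace(fixed, "remote-fw", host))
```

With the assumed firewall table, the outbound trace reaches the firewall, but the reply for 10.1.2.50 follows the firewall's default route back toward the Internet, and the host is outside the PAT ACL; adding the 10.1.2.0/24 route and ACL entry closes both gaps.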