Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Trouble routing internet traffic through WAN

One of my network locations is losing their direct internet connection and I need to keep them up by routing all of their internet traffic to a second location that has internet connectivity. The two networks are connected via T1 lines.

The two cisco routers are connected via their own network: 10.1.10.5 (remote) and 10.1.10.6 (local) The remote network is 10.1.1.0 and the local network is 10.1.2.0.

I modifed the internet route from 0.0.0.0 0.0.0.0 10.1.2.6 (local firewall) to 10.1.10.5 (remote router), but all internet traffic stops at 10.1.10.5. The remote router has a route for internet traffic directing it to the remote firewall, but for some reason it stops at the router.

What am I missing?

4 REPLIES
Hall of Fame Super Blue

Re: Trouble routing internet traffic through WAN

Does the remote firewall have a route back to the source network ?

Perhaps a quick schematic of the connectivity would help.

Jon

Hall of Fame Super Silver

Re: Trouble routing internet traffic through WAN

Hello Larry,

you need to provide return path routes on the site with internet access.

and you need to modify NAT rules to allow packets with source 10.1.1.0 to be translated to access the internet.

Hope to help

Giuseppe

Community Member

Re: Trouble routing internet traffic through WAN

Hello and thanks for the reply. There are return routes already in place between the 10.1.1.0 network and 10.1.2.0 network. For some reason, though, the packets just stop at the router network 10.1.10.5.

Here are the routes from the config:

Local side...

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.10.5

ip route 10.1.1.0 255.255.255.0 10.1.10.5

no ip http server

!

Remote side

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.1.6

ip route 10.1.2.0 255.255.255.0 10.1.10.6

no ip http server

!

I know that the first config seems redundant with both routes going to 10.1.10.5, but I changed the internet route from going to the local firewall at 10.1.2.6 and kept the second route while I troubleshoot. Once the packets got to 10.1.10.5 on the remote end, I thought the remote route for internet traffic would send it to 10.1.1.6 (the remote firewall), but it doesn't.

Blue

Re: Trouble routing internet traffic through WAN

Hi:

Does the FW have a route back to the 10.1.2.0/24 network?

Traffic originates on 10.1.2.0 at the local router. The local router uses the default to get to the remote router. Then the remote router defaults to the FW.

The FW will PAT the traffic and forward out to the Internet.

The FW will receive return traffic destined for the PAT address and perform the translation to forward to the internal host that sits on 10.1.2.0.

Does it know how to get back there?

SIDE NOTE: As a quick aside, I wonder if your FW is even forwarding the traffic out. It may only have a PAT overload statement that points to/calls an ACL that only includes the source network at the remote site and not the network at the local site, since the local site was designed to use its own Internet connection. Just a thought...

But even if the FW does successfully PAT 10.1.2.0 traffic to a public IP, it will build that NAT translation - and on the return it will need to have a route back to the internal network.

HTH

Victor

357
Views
0
Helpful
4
Replies
CreatePlease to create content