I have 2 Cisco 2621 routers connected with pt 2 pt T1(cable) in testing phase. I can ping from one network (10.1.1.0) to the other (10.3.1.0). The 10.1.1.0 is our main network and the other is the branch office. The branch will get internet access from the main. Currently we have our computers default gateway to the Sonicwall firewall (10.1.1.1). When I implement these routers, I take it that the default gateway on the computers will change to the router local address. Am I going to use the extra ethernet port on the main router to connect to the Sonicwall and direct internet traffic to it? I will probably have to change the ip address of the Sonicwall to a different subnet address. What commands tell the router to send all internet traffic to the Sonicwall?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Access Internet from Cisco 2621
- Thread starter scooby9
- Start date
I wouldn't personally attach your firewall directly to the router but hey you could if you wanted to. I'd simply attach it to a switch in the heart/core of your network.
I agree with you in that the clients on the main LAN should use the local router as the gateway address. In fact you may want to change the IP address of the Sonicwall and let the router have this address so you don't have to reconfigure multiple PC's for a new default gateway.
You'll need a gateway of last resort on the local router to point to the Sonicwall's IP address. You'll also need a gateway of last resort on the remote router and point that to the other router.
For instance, assume Sonicwall is 10.1.1.1, main router is 10.1.1.254 and remote router is 10.3.1.254.
Main router config:
int fa0/0
desc * LAN interface*
ip address 10.1.1.254 255.255.255.0
int s0/0
desc *Connection to Remote LAN*
ip unnumbered fa0/0
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.3.1.0 255.255.255.0 s0/0
Remote router config:
int fa0/0
desc * Remote LAN interface*
ip address 10.3.1.254 255.255.255.0
int s0/0
desc *Connection to Main LAN*
ip unnumbered fa0/0
ip route 0.0.0.0 0.0.0.0 10.1.1.1
I agree with you in that the clients on the main LAN should use the local router as the gateway address. In fact you may want to change the IP address of the Sonicwall and let the router have this address so you don't have to reconfigure multiple PC's for a new default gateway.
You'll need a gateway of last resort on the local router to point to the Sonicwall's IP address. You'll also need a gateway of last resort on the remote router and point that to the other router.
For instance, assume Sonicwall is 10.1.1.1, main router is 10.1.1.254 and remote router is 10.3.1.254.
Main router config:
int fa0/0
desc * LAN interface*
ip address 10.1.1.254 255.255.255.0
int s0/0
desc *Connection to Remote LAN*
ip unnumbered fa0/0
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.3.1.0 255.255.255.0 s0/0
Remote router config:
int fa0/0
desc * Remote LAN interface*
ip address 10.3.1.254 255.255.255.0
int s0/0
desc *Connection to Main LAN*
ip unnumbered fa0/0
ip route 0.0.0.0 0.0.0.0 10.1.1.1
- Thread starter
- #3
Thanks for the info. I have actual ip addresses in place of the 'ip unnumbered' settings but the remote network hosts cannot get to the internet. You said that a gateway of last resort on the remote router should point to the other router but your config points to the Sonicwall. Is that correct?
Main router config:
int fa0/0
ip address 10.1.1.254 255.255.255.0
int s0/0
ip address 1.1.1.1 255.255.255.252
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.3.1.0 255.255.255.0 s0/0
Remote router config:
int fa0/0
ip address 10.3.1.254 255.255.255.0
int s0/0
ip address 1.1.1.2 255.255.255.252
ip route 0.0.0.0 0.0.0.0 s0/0
or
ip route 0.0.0.0 0.0.0.0 1.1.1.2
this should work.
int fa0/0
ip address 10.1.1.254 255.255.255.0
int s0/0
ip address 1.1.1.1 255.255.255.252
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.3.1.0 255.255.255.0 s0/0
Remote router config:
int fa0/0
ip address 10.3.1.254 255.255.255.0
int s0/0
ip address 1.1.1.2 255.255.255.252
ip route 0.0.0.0 0.0.0.0 s0/0
or
ip route 0.0.0.0 0.0.0.0 1.1.1.2
this should work.
- Thread starter
- #6
Thanks Fatty99 for the contribution.
I have essentially the same config only my inside addresses for the serial line are different. A host on the main network having their def gateway pointing to the router gets to the internet ok thru our sonicwall (10.1.1.1) but the remote hosts cannot. The gateway of last resort on the remote router points to the serial interface of the main router. I cannot ping yahoo.com from the remote router. I had the ip-name server as our production DNS server but it probably can't respond to the remote router because the def gateway on it is not pointing to the main router at this time. I tried changing the ip name server to an external DNS and I still cannot ping yahoo.com. I don't know what is stopping access to the internet from the remote side.
I have essentially the same config only my inside addresses for the serial line are different. A host on the main network having their def gateway pointing to the router gets to the internet ok thru our sonicwall (10.1.1.1) but the remote hosts cannot. The gateway of last resort on the remote router points to the serial interface of the main router. I cannot ping yahoo.com from the remote router. I had the ip-name server as our production DNS server but it probably can't respond to the remote router because the def gateway on it is not pointing to the main router at this time. I tried changing the ip name server to an external DNS and I still cannot ping yahoo.com. I don't know what is stopping access to the internet from the remote side.
Just for clarity, setting DNS lookup on a router does not assist clients, using that router as a default gateway, with name resolution.
DNS on a router simply allows the router to resolve names and not the traffic passing through it.
Trying resolving the name of yahoo.com and see if the clients can attach to that. If they can, the remote clients have a DNS problem.
Also check the Sonicwall is permitting Internet access from 10.3.1.0/24 and, more importantly, is correctly NATing them to a publically routable address.
DNS on a router simply allows the router to resolve names and not the traffic passing through it.
Trying resolving the name of yahoo.com and see if the clients can attach to that. If they can, the remote clients have a DNS problem.
Also check the Sonicwall is permitting Internet access from 10.3.1.0/24 and, more importantly, is correctly NATing them to a publically routable address.
- Status