Cisco 2651 2 separate networks across t1

[wjohnson2k1]

Helloooo... So I just browsed upon this forum, and it looks to have some good talent hiding within it, and hopefully I'll be in luck to see if someone can answer my interesting question...

I just started working for a Library that has multiple locations connected via Fiber. Recently we hooked up one of our outlying connections via a T1 p2p link. Currently the T1 is working great, but we are in the process of segrating our networks into public/private. Where I'm stuck is how can I do this across a t1? Our network is kind of backwards, so it makes this a little more complicated :S

Here's my current set up

Cisco 2651xm Both sides T1 is on Serial 0/0 for each router. It then goes into a Public Watchguard Firbox and a Private watchguard Firebox. The router itself isn't really doing much for routing (see config below)

Remote Side Router:
Current configuration : 1209 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IslandRouter
!
logging queue-limit 100
enable secret 5 $1$JkqO$bkoY3oY7rTFBYI4SCWL5W/
enable password rig0r
!
ip subnet-zero
ip cef
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
interface FastEthernet0/0
ip address 192.168.202.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.16
description Island Public Subnet
no cdp enable
!
interface Serial0/0
description Island T1
ip address 10.10.10.3 255.255.255.0
encapsulation ppp
no ip mroute-cache
autodetect encapsulation ppp
no fair-queue
service-module t1 fdl both
!
interface FastEthernet0/1
no ip address
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1.16
encapsulation dot1Q 908 (Public Vlan)
ip address 192.168.16.1 255.255.255.0
no cdp enable
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.4 (this is the other end of the T1)
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
dial-peer cor custom
!
!
line con 0
line aux 0
line vty 0 4

Data Center Router

Current configuration : 2450 bytes
!
! Last configuration change at 10:41:50 PST Wed Jul 9 200
!
version 12.3
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname dcrouter
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
clock timezone PST -8
no aaa new-model
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip name-server 192.168.201.2
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
description DC LAN
encapsulation dot1Q 900 native
ip address 192.168.101.50 255.255.255.0
!
interface FastEthernet0/0.2
description Shared Services
encapsulation dot1Q 904
ip address 192.168.0.1 255.255.255.0
!
interface Serial0/0
description Island T1 DC side
ip address 10.10.10.4 255.255.255.0
encapsulation ppp
no ip mroute-cache
autodetect encapsulation ppp
no fair-queue
service-module t1 fdl both
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1.16
encapsulation dot1Q 908 (public vlan)
ip address 192.168.16.2 255.255.255.0
no cdp enable
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.101.2
ip route 192.168.0.0 255.255.255.0 192.168.101.2
ip route 192.168.101.0 255.255.255.0 192.168.101.56
ip route 192.168.104.0 255.255.255.0 192.168.100.0
ip route 192.168.105.0 255.255.255.0 192.168.104.1
ip route 192.168.201.0 255.255.255.0 192.168.101.5
ip route 192.168.202.0 255.255.255.0 10.10.10.3
ip route 192.168.203.0 255.255.255.0 192.168.101.200
ip route 192.168.204.0 255.255.255.0 192.168.101.2
ip route 192.168.205.0 255.255.255.0 192.168.101.2
ip route 192.168.206.0 255.255.255.0 192.168.101.2
ip route 192.168.207.0 255.255.255.0 192.168.101.2
ip route 192.168.208.0 255.255.255.0 192.168.101.2
ip route 192.168.209.0 255.255.255.0 192.168.101.201
ip route 192.168.210.0 255.255.255.0 192.168.101.2
ip route 192.168.211.0 255.255.255.0 192.168.101.2
ip route 192.168.254.0 255.255.255.0 192.168.201.1
!
!
snmp-server community ro RO
snmp-server community public RO
snmp-server enable traps tty
!
!
line con 0
line aux 0
line vty 0 4
password 7 045602121571
login
!
ntp clock-period 17207647
ntp server 192.5.41.40
!
!

So the ultimate goal is to have all 192.168.16.0 /24 traffic go to 192.168.10.1 on vlan 908 and all other traffic go to 192.168.101.2 on vlan 1/900

The routing tables in this network are a mess, but I have to get this up and running before I can reverse engineer the last tech's work...which should be fun

 

[wjohnson2k1]

Still working on this issue, Haven't been able to find a solution. Anyone have any ideas?

 

[burtsbees]

Where is vlan 908??? I don't see it configured in the routers...

Burt

 

[wjohnson2k1]

*Burtsbees*

interface FastEthernet0/1.16
encapsulation dot1Q 908 (Public Vlan)
ip address 192.168.16.1 255.255.255.0
no cdp enable

On both routers, and in the vlan database of the switch. Should I post that Config as well?

 

[burtsbees]

Okay---I guess I meant 192.168.10.0/24---
"So the ultimate goal is to have all 192.168.16.0 /24 traffic go to 192.168.10.1 on vlan 908"---that looks like 10.1 is on vlan 908...
So where is 192.168.10.1?

Burt

 

[wjohnson2k1]

Burt-
192.168.10.1 Is a Firebox edge device, which at the moment is doing all the duties of a router and a firewall.

I'll try and draw up an updated network map this morning and post it so you can understand the traffic pattern a little better.

Thanks,
-wayne