Cisco Static Routing


harborliving

IS-IT--Management
Mar 9, 2009
3
US
I am looking for a little help please as I am new to Cisco devices.

I have two subnets, 192.168.168.0 (Home) and 192.168.165.0 (Office). I have both offices communicating right now between Cisco 1841s and a PtP T1. Internet is coming from the Home subnet currently through another T1. I need to unload the T1 so that IP phone traffic can pass more quickly. I have added DSL at the office and would like to direct internet traffic from the office through it. The Cisco 1841 at the office has an IP of 192.168.165.200. I have a Cisco PIX 501 that is between the new DSL and the Office subnet at 192.168.165.1. I would like the PIX to serve as the DHCP server and also route traffic intended for the other subnet to pass to the 1841 and through the PtP T1 at 192.168.165.200. I have created static routes on the PIX for the other subnet with a gateway of 192.168.165.200. I can ping the other subnet through the PIX router's interface but cannot reach the other subnet from my office PCs. Am I missing some configuration on the 1841 for the static route? Any help would be much appreciated.
 
What routing protocol are you using? Are these locations connected by VPN? Can you post your configs?
 
I am just using static routes if possible.
The locations are connected by a point to point T1 with Cisco 1841's on each endpoint.

Here is the Config from the 1841 at our office (connected to office network and Point to Point T1)...
HarborSales#show config
Using 2102 out of 196600 bytes
!
version 12.4
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname HarborSales
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
enable password 7 04783B05002F4A470E
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.165.200 192.168.165.254
!
ip dhcp pool dpool1
import all
network 192.168.165.0 255.255.255.0
default-router 192.168.165.200
dns-server 192.168.168.200 208.29.225.20
domain-name hillcountryharbor.com
!
!
ip domain name hillcountryharbor.com
ip name-server 192.168.168.200
ip name-server 208.29.225.20
!
username Admin privilege 15 password 7 047807030E335A470C0E4441445355
!
!
!
interface FastEthernet0/0
description connected to Clearview$ETH-LAN$
ip address 192.168.165.200 255.255.255.0
load-interval 30
speed auto
full-duplex
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 192.168.170.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 1536
ip address 192.168.169.254 255.255.255.0
no ip mroute-cache
load-interval 30
!
ip default-gateway 192.168.169.253
ip classless
ip route 0.0.0.0 0.0.0.0 66.60.68.53
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 192.168.170.0 255.255.255.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
control-plane
!
banner login ^CC
-----------------------------------------------------------------------
No unauthorized access allowed!
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
password 7 01300A015A191006245B0F5F4F5D4E
login
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
end


Keep in mind that I will be deleting the DHCP pool from this and using the DHCP on the PIX.

Here is the config from the PIX 501 (connected to new DSL and Office Network)...
HCHSalesPIX> enable
Password: ********
HCHSalesPIX# show config
: Saved
: Written by enable_15 at 19:18:33.930 CST Sun Mar 8 2009
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password K5b6wRvxgMSSazk5 encrypted
passwd K5b6wRvxgMSSazk5 encrypted
hostname HCHSalesPIX
domain-name hillcountryharbor.local
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip any 192.168.165.128 255.255.255.224
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 65.41.74.194 255.255.255.128
ip address inside 192.168.165.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNPool 192.168.165.130-192.168.165.150
pdm location 192.168.168.0 255.255.255.0 inside
pdm location 192.168.166.0 255.255.255.0 inside
pdm location 192.168.167.0 255.255.255.0 inside
pdm location 192.168.165.128 255.255.255.224 outside
pdm location 0.0.0.0 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 0 192.168.168.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
rip inside passive version 1
route outside 0.0.0.0 0.0.0.0 65.41.74.129 1
route inside 192.168.166.0 255.255.255.0 192.168.165.200 1
route inside 192.168.167.0 255.255.255.0 192.168.165.200 1
route inside 192.168.168.0 255.255.255.0 192.168.165.200 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.165.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
telnet 192.168.165.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP client configuration address local VPNPool
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.168.200 208.67.222.222
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn enable outside
dhcpd address 192.168.165.2-192.168.165.129 inside
dhcpd dns 192.168.168.200 208.67.222.222
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd option 66 ascii 192.168.168.175
dhcpd option 150 ip 192.168.168.175
dhcpd enable inside
terminal width 80
Cryptochecksum:30795a359c860519b0c572a221364dd4



 
interface Serial0/0/0
bandwidth 1536
ip address 192.168.169.254 255.255.255.0
no ip mroute-cache
load-interval 30
!
ip default-gateway 192.168.169.253
ip classless
ip route 0.0.0.0 0.0.0.0 66.60.68.53
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 192.168.170.0 255.255.255.0 FastEthernet0/1

Is Serial 0/0/0 public facing? You have a non-routable address on that interface. I would also remove the static routes going to a specific interface.
 
The Serial interface is the one that connects to the T1, to the other office. The 169 subnet is just between the two T1 routers. Do I need to define a route to the 165 subnet on the T1 router in the office to point to the PIX firewall as it will be the default route for clients? Thank You!
 
I think you should have a public IP address on s0/0/0 if that is connected to the T1.
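
Added example, not part of any post in this thread: a longest-prefix-match trace over the routes in the two configs posted above, following a packet from an office client according to which device the client uses as its default gateway. The destination addresses are constructed, and the 1841's interface default route is modelled as delivering over the T1. It flags any hop where the packet would leave on the interface it arrived on, a case PIX software 6.x does not forward.

```python
import ipaddress

# Connected and static routes transcribed from the two configs posted in this thread.
# Entry: (prefix, egress interface, next hop; None = delivered on that link).
ROUTES = {
    "PIX": [
        ("192.168.165.0/24", "inside", None),
        ("65.41.74.128/25", "outside", None),
        ("0.0.0.0/0", "outside", "65.41.74.129"),
        ("192.168.166.0/24", "inside", "192.168.165.200"),
        ("192.168.167.0/24", "inside", "192.168.165.200"),
        ("192.168.168.0/24", "inside", "192.168.165.200"),
    ],
    "1841": [
        ("192.168.165.0/24", "FastEthernet0/0", None),
        ("192.168.170.0/24", "FastEthernet0/1", None),
        ("192.168.169.0/24", "Serial0/0/0", None),
        ("0.0.0.0/0", "Serial0/0/0", None),  # assumption: far end of the PtP T1
    ],
}
# Which device answers on each office gateway address, and on which interface.
OWNERS = {"192.168.165.1": ("PIX", "inside"),
          "192.168.165.200": ("1841", "FastEthernet0/0")}

def lookup(device, dst):
    """Longest-prefix match of dst against one device's table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES[device] if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def trace(gateway, dst, max_hops=8):
    """Follow dst hop by hop, starting at the client's default gateway."""
    hops = []
    device, ingress = OWNERS[gateway]
    for _ in range(max_hops):
        prefix, egress, next_hop = lookup(device, dst)
        hops.append({"device": device, "route": prefix, "ingress": ingress,
                     "egress": egress, "next_hop": next_hop,
                     "hairpin": egress == ingress})  # in and out on one interface
        if next_hop not in OWNERS:
            break
        device, ingress = OWNERS[next_hop]
    return hops

if __name__ == "__main__":
    # Constructed destinations: a Home-subnet host and an Internet host.
    for gw in OWNERS:
        for dst in ("192.168.168.10", "8.8.8.8"):
            for hop in trace(gw, dst):
                print(gw, "->", dst, hop)
```
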
 