Network Upgrade

[mikeleahy]

hi
we are in the planning process for joining our two networks over a wan connection. It will be a 512k connection that will be used for voice and AD replication and exchange etc. Our cork site has a subet 192.168.1.x and dublin is 192.168.0.x . We have 2 cisco 3800 routers and i am wondering about the config. Everyones gateway inc the server will obviously be the cisco router but how do i get the clients to go out through our firewall to get to the internet and how will our vpn clients be able to access the server for email etc if its gateway is the wan line i.e. cisco router. Is this correct???

1. everyones gateway will be the router
2. the routers gateway will be the firewall so all trafic will go the firewall and out to the net etc
3. A route will exist on the router saying " ip route any 192.168.0.x "serial port address" "

i.e. any is source i.e. all ips in our office. destination is dublin office (how do i write this , is 192.168.0.x right?? appreciating any help

 

[SMBgeek]

What type of WAN connection is this going to be...Frame Relay, T1/E1? What kind of firewall (PIX?). Are you doing your NAT at the Firewall?

Let's assume that the main site is Cork. So, you would have an ethernet interface from your 3800 going to your FW and another ethernet interface into your LAN. You would also have a serial interface going to dublin's 3800 (so you are using 3 interfaces from the 3800 in Cork). Dublin's 3800 would then have an ethernet interface into the Dublin LAN (using 2 interfaces).

Then everyone in Dublin will use the 3800 as their default router. That router, in turn, will forward all packets to the serial interface of the Cork router because Dublin is basically a stub network (no other WAN connection there right?).

Now, everyone at the Cork site will use the 3800 at Cork as their defualt gateway. The 3800 at cork will need to have a 2 node subnet setup between it and the FW. Such as 192.168.3.1 and 192.168.3.2 with a 255.255.255.252 mask. The 3800 in cork will then need to have a route to 192.168.0.x entered into it's routing table and a defualt gateway of the firewall. The firewall will then need to have a route entered for cork's LAN and dublin's LAN via the 3800 in Cork.

So, you have this...

1. 3800 in cork has 1 static route to Dublin and 1 default route of the FW. All other rotues are connected directly.

2. Dublin has 1 default route and all others are connected.

3. Firewall has a route to Cork's LAN and Dublin's LAN via the 3800 in Cork.

This would be made much easier if you were running a dynamic routing protocol like OSPF. Then, you could automate all the routing changes.

If you let me know what type of WAN connection and what type of firewall I can be more specific on addresses and routes. I hope this helps some.

http://www.smbgeek.com

 

[mikeleahy]

smb. thank for that. At the moment dublin have their own internet link via broadband so this was what i was going to do.

1. 3800 in cork is everyones gateway, its own gateway is that of the 837 firewall in cork 192.168.1.253 . Routes are

-ip route 192.168.2.x 255.255.255.0 10.1.1.2 1(serial port) (Route to Second Site)
-ip route 0.0.0.0 0.0.0.0 192.168.1.253 (Default Route sending everything else out internet gateway)

the routes in dublin would be much the same except for the correct addresses of course??? and their internet traffic will go out through their own firewall up there or would it be better to route it back to cork.

not sure what kind of wan connection it is... some sort of a new eircom thing, private vpn or something (bip reach)))