Hello all, We have in our main site a Cisco 2620 router with a dual T1 Wic (3Mb) connection to our ISP. I need to configure a point to point connection from our remote site to the 2620. The remote site is using a 1720 with a single T1DSU Wic card. I'm installing a single T1 DSU Wic on the 2620 which has an available slot. Ideal solution is to route everybody's data on the remote end to our main site, so they care share our new 3Mb internet line. The 2620 router is not doing nat, we have a firewall with a external and internal interface. How will I point the remote clients to know the firewall gateway? Can anybody post any configs or links on how to setup both routers, thanks so much who helps.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Point to Point configuration between 2620 and 1720 routers
- Thread starter UNIX72
- Start date
- Thread starter
- #21
Hey all, it was the telco's fault,bad pair of wiring outside. I can now ping serial to serial interface from remote to main. Now I want the remote site to be able to get internet access from main. The main router use for the internet 3mb line is a 2610xm and not doing nat , we have a sonicwall firewall for that purpose. The main network is 192.168.1.0 and remote 192.168.2.0. Does the point to point router at the main site which is a 2610 need special configuration. I guess the remote clients need to know that the Sonicwall firewall is the internet gateway. Any sample configs or links. I really appreciated so much the help all of you have share, thanks.
- Thread starter
- #22
- Thread starter
- #23
DanInRaleigh
Technical User
..yes add static routes..
add static routes in both routers..
**tell router 1700 where the 2600's lan is
ip route 192.168.1.0 0.0.0.255 10.0.0.1 1 (what ever you lan subnet is behind 2600)
**tell router 2600 where the 1700's lan is
ip route 192.168.2.0 0.0.0.255 10.0.0.2 1 (what ever you lan sunbnet is behind 1700)
CCNP,CCSP,MCSE,Sec+,Net+,A+...
add static routes in both routers..
**tell router 1700 where the 2600's lan is
ip route 192.168.1.0 0.0.0.255 10.0.0.1 1 (what ever you lan subnet is behind 2600)
**tell router 2600 where the 1700's lan is
ip route 192.168.2.0 0.0.0.255 10.0.0.2 1 (what ever you lan sunbnet is behind 1700)
CCNP,CCSP,MCSE,Sec+,Net+,A+...
- Thread starter
- #25
DanInRaleigh, i did what you suggested, but still no luck. I'm posting the running config from both routers. Also when I tried to place the command ip route 192.168.1.0 0.0.0.255 10.1.1.1 1 I received the following error "Inconsistent mask" so instead of using 0.0.0.255, I used 255.255.255.0, please let me know if this makes a difference. Also from the 2620 router I can ping all interfaces on the remote router(1720) plus hosts on subnet, but the remote router can only ping the serial and ethernet interface on the main router(2620), can't ping any hosts on subnet, please advise, thanks so much!
(Router 2620)
Router#sh run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.254 255.255.255.0
!
interface Serial0/0
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 192.168.2.0 255.255.255.0 10.1.1.2
no ip http server
line con 0
transport input none
line aux 0
line vty 0 4
login
end
Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.2/32 is directly connected, Serial0/0
C 10.1.1.0/30 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, Ethernet0/0
S 192.168.2.0/24 [1/0] via 10.1.1.2
S* 0.0.0.0/0 is directly connected, Serial0/0
Router#
(1721)
Router#sh run
Building configuration...
Current configuration : 721 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip dhcp pool RA
network 192.168.2.0 255.255.255.0
!
ip dhcp pool ra
default-router 192.168.2.1
ip cef
interface FastEthernet0
ip address 192.168.2.1 255.255.255.0
ip directed-broadcast
speed auto
interface Serial0
ip address 10.1.1.2 255.255.255.252
encapsulation ppp
fair-queue
service-module t1 timeslots 1-24
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.1.0 255.255.255.0 10.1.1.1
ip http server
line con 0
line aux 0
line vty 0 4
login
(Router 2620)
Router#sh run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.254 255.255.255.0
!
interface Serial0/0
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 192.168.2.0 255.255.255.0 10.1.1.2
no ip http server
line con 0
transport input none
line aux 0
line vty 0 4
login
end
Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.2/32 is directly connected, Serial0/0
C 10.1.1.0/30 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, Ethernet0/0
S 192.168.2.0/24 [1/0] via 10.1.1.2
S* 0.0.0.0/0 is directly connected, Serial0/0
Router#
(1721)
Router#sh run
Building configuration...
Current configuration : 721 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip dhcp pool RA
network 192.168.2.0 255.255.255.0
!
ip dhcp pool ra
default-router 192.168.2.1
ip cef
interface FastEthernet0
ip address 192.168.2.1 255.255.255.0
ip directed-broadcast
speed auto
interface Serial0
ip address 10.1.1.2 255.255.255.252
encapsulation ppp
fair-queue
service-module t1 timeslots 1-24
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.1.0 255.255.255.0 10.1.1.1
ip http server
line con 0
line aux 0
line vty 0 4
login
on the remote try and only put
ip route 0.0.0.0 0.0.0.0 10.1.1.2
on the main try and only put
ip route 0.0.0.0 0.0.0.0 sonic gateway
for your dhcp set it up like this
ip dhcp pool 1
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
Mauricio
MCP, MCSE, SMS 2.0, DCSE, CCNA, CCNP, CCIE Written
ip route 0.0.0.0 0.0.0.0 10.1.1.2
on the main try and only put
ip route 0.0.0.0 0.0.0.0 sonic gateway
for your dhcp set it up like this
ip dhcp pool 1
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
Mauricio
MCP, MCSE, SMS 2.0, DCSE, CCNA, CCNP, CCIE Written
DanInRaleigh
Technical User
...i'm sorry about the above..
...you do not do
ip route 192.168.1.0 0.0.0.255 (no wild card mask option)
..i was thinking you would use a *wild card mask* config
you would do
ip route 192.168.1.0 255.255.255.0 10.x.x.x
...and by all means this should work...
...also make sure you router is configured properly for dhcp requests as MauricioD was mentioning..
....if any question about the dhcp...statically configure it to take that out of the picture...
CCNP,CCSP,MCSE,Sec+,Net+,A+...
...you do not do
ip route 192.168.1.0 0.0.0.255 (no wild card mask option)
..i was thinking you would use a *wild card mask* config
you would do
ip route 192.168.1.0 255.255.255.0 10.x.x.x
...and by all means this should work...
...also make sure you router is configured properly for dhcp requests as MauricioD was mentioning..
....if any question about the dhcp...statically configure it to take that out of the picture...
CCNP,CCSP,MCSE,Sec+,Net+,A+...
Holy crap, do I ever have a headache after THIS post!!!
- Thread starter
- #29
- Thread starter
- #30
Updated status, I have one more major problem, the remote site can't get out to the internet. Both main and remote can ping each other routers and hosts on each subnet. When i tried to ping a site thru domain name or ip I get the following error "( packet lost in transit 10.1.1.1), 10.1.1.1 is the serial inteface ip address at the main place. I have manually configure the DNS ip addresses on the clients, but still no luck. Im drawing a diagram illustrate to the problem. I have 3 routers in my network 2 of them of course are for the point to point, then my internet router (2611xm) has a dual T1 line, also we are using a sonicfirewall to handle NAT, VPN and its the gateway for the entire subnet at main location.
Remote Network (1721) Main (2610)
192.168.2.x Full Point to point T1 192.168.1.x
10.1.1.2 S0----------------------------10.1.1.1
|
|
|
(2611XM) Dual T1
|
||
ISP
The internet router (2610xm) is just handling the dual t1 interface, its local ethernet interface is not even part of our internal subnet. The ethernet interface has a public ip address which is the gateway address of the Sonicwall Firewall. Any advice, thanks so much.
Remote Network (1721) Main (2610)
192.168.2.x Full Point to point T1 192.168.1.x
10.1.1.2 S0----------------------------10.1.1.1
|
|
|
(2611XM) Dual T1
|
||
ISP
The internet router (2610xm) is just handling the dual t1 interface, its local ethernet interface is not even part of our internal subnet. The ethernet interface has a public ip address which is the gateway address of the Sonicwall Firewall. Any advice, thanks so much.
- Thread starter
- #31
Updated news, I added this line on my main router , ip route 0.0.0.0 0.0.0.0 192.168.1.1 (Sonicwall), now from the main router i can ping domain names just fine, and for a minute or so I was able to do the same on the remote end, but now I can't ping no website addresses neither by domain name or ip address. This is only effecting the remote end, the main router is pinging domain names just fine. I'm thinking its within my ip routing tables on my remote end. Please help im stump, any suggestions? Thanks
DanInRaleigh
Technical User
.so your remote is routing this way to ISP
1721<-------->main router<------->sonicfirewall<------>2600xm<----->isp
*the main router can route/resolve through the sonic firewall to ISP
..as long as you have default route in the 1721..
ip route 0.0.0.0 0.0.0.0 10.1.1.1 1
..this is the only route out of that "stub zone"
...i dont think your problem is there
..how bout the sonic..does it have route pointing to 1721?
..can it ping 1721..remeber it does'nt inherit this route just because it is connected to the main router
..here is something i do, sometimes gives me clue..sometimes not..i use this for advance problems while studying in my ccie lab
...you shouldnt need it..because static routes/basic routing just needs step by step making sure you can ping across next hope
perimeter_router(config)#ip access-list extended 100
perimeter_ro(config-ext-nacl)#permit ip any any
...you can apply the this access list to any interface (in or out)
..wont effect anything...
perimeter_router#debug ip routing 100
IP routing debugging is on for access list 100
CCNP,CCSP,MCSE,Sec+,Net+,A+...
1721<-------->main router<------->sonicfirewall<------>2600xm<----->isp
*the main router can route/resolve through the sonic firewall to ISP
..as long as you have default route in the 1721..
ip route 0.0.0.0 0.0.0.0 10.1.1.1 1
..this is the only route out of that "stub zone"
...i dont think your problem is there
..how bout the sonic..does it have route pointing to 1721?
..can it ping 1721..remeber it does'nt inherit this route just because it is connected to the main router
..here is something i do, sometimes gives me clue..sometimes not..i use this for advance problems while studying in my ccie lab
...you shouldnt need it..because static routes/basic routing just needs step by step making sure you can ping across next hope
perimeter_router(config)#ip access-list extended 100
perimeter_ro(config-ext-nacl)#permit ip any any
...you can apply the this access list to any interface (in or out)
..wont effect anything...
perimeter_router#debug ip routing 100
IP routing debugging is on for access list 100
CCNP,CCSP,MCSE,Sec+,Net+,A+...
- Thread starter
- #33
DanInRaleigh
Technical User
- Status
Similar threads
- Locked
- Question