point to point routers

shloindy

MIS
May 9, 2002
4
US
HI
I'm having some trouble with my routers (I'm entry level).

I have 2 Cisco 1721 routers connected by a point 2 point T1. "Main Location" and "Remote Location".
Main location router has another CSU/DSU WIC card connected to an ISP for internet access. Internet access works at "Main location" but does not work at "remote location".
Remote location is able to ping all interfaces/systems/etc at main location.

I am using NAT and port forwarding.

Both routers are also DHCP servers.

Here is the config for the main location...
Building configuration...

Current configuration : 1826 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname main
!
enable secret 5 $1$mE53$cTuBRBNSYRztfrx/.y
!
ip subnet-zero
ip name-server 66.115.0.9
ip name-server 66.115.0.10
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
dns-server 66.115.0.10
default-router 192.168.1.1
!
ip dhcp-server 192.168.1.1
!
!
!
!
interface FastEthernet0
description connected to local lan
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
description connected to internet
ip address x.x.x.x 255.255.255.252
ip nat outside
encapsulation ppp
service-module t1 clock source internal
service-module t1 remote-alarm-enable
!
interface Serial1
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
router rip
network 192.168.1.0
network 192.168.2.0
!

ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.3.0 255.255.255.0 192.168.2.2
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
password 7 060B0A355410817D08461C
login
line aux 0
line vty 0 4
password 7 082Cd495AB1604131F5A02
login
!
end


This is the config on the remote router...


Using 933 out of 29688 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname remote
!
enable secret 5 $1$0jAU$U3XjgfkQ7Wm/05C4Lb/CJ0
!
ip subnet-zero
ip name-server 66.115.0.9
ip name-server 66.115.0.10
ip dhcp excluded-address 192.168.3.1 192.168.3.50
!
ip dhcp pool 1
network 192.168.3.0 255.255.255.0
dns-server 66.115.0.9
default-router 192.168.3.1
!
!
!
!
!
interface FastEthernet0
description connected to lan
ip address 192.168.3.1 255.255.255.0
speed auto
!
interface Serial0
description connected to main location
ip address 192.168.2.2 255.255.255.0
service-module t1 remote-alarm-enable
!
router rip
network 192.168.2.0
network 192.168.3.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 192.168.2.1
no ip http server
!
!
!
line con 0
password 7 13081206190yg6t2E267526
login
line aux 0
line vty 0 4
password 7 141A171FbvhgB2B2F29793D
login
!
no scheduler allocate
end


Can anyone figure out why I don't have internet access at the remote location????
Thanks.
 
What are you telling the PCs at the remote location that the gateway is?

Not sure if it matters but I'd tell the remote 1721 to enable service-module clock internal as well.

I also don't see an "ip NAT inside" on the remote router. Shouldn't it have it as well?
 
I've noticed this on your remote router also...

ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 192.168.2.1


You have your default route set to your serial interface, which is fine - but then you also have it set to the serial interface of the "main" router. Might want to fix that...
 
Some things I see right away:

You have no NAT statements on the main router. You have ip nat inside and outside on the correct interfaces, but no config that says "NAT this". Do this globally on the main router:

ip nat inside source list 1 interface s0 overload

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255

The above lines tell the router to NAT whatever traffic comes in on FE0 of the main router and the serial1 of the main router that sources from 192.1.0 /24 and 192.3.0/24. The overload statement is basically doing PAT. All traffic leaving your router to the internet will source using the IP of the serial facing the internet. When the traffic comes back to your router from the web, it will do a lookup in the translations table and know what private IP that traffic belongs to. I really don't see how the LAN on the main router can get out to the internet either, as the missing NAT statements affecting the remote router LAN affect the main router LAN as well.

As far as the remote router, nothing needs to be done there as far as NAT. Just make sure your gateway points to the main router.

As far as the two static routes at the remote router, you don't need both. But, the static route that points to the interface is the better route. If you point to the remote IP of the main router, the remote router needs to perform a recursive route lookup on the forwarding table to find out what interface to send the packets out of. By just specifying the interface in your remote router's gateway of last resort (static route), you skip this recursive lookup. Hence, packets get forwarded quicker. This works this way for any static routes, not just gateways of last resort.

Also, you don't need that static route on your main router to get back to the remote router's ethernet segment. You are running RIP and the router should learn this network dynamically. Actually, the better thing to do is just run static routes on both routers. For a simple setup like this, why take more memory from your router to run RIP? Not necessary.

HTH
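The check described in the reply above, as an added example that is not part of the original thread: a small Python audit that reads an IOS-style config and reports inside-side source networks that no `ip nat inside source list` rule would translate. The function name `audit_nat` and the `MAIN` and `FIX` strings are assumptions; `MAIN` is constructed from the NAT-relevant lines of the main router config posted above.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"

def audit_nat(config):
    """Return findings about NAT source coverage in an IOS-style config."""
    inside, routed, nat_lists, acls = [], [], [], {}
    iface_net = None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface_net = None  # new interface block, address not seen yet
        elif m := re.fullmatch(rf"ip address {IP} {IP}", line):
            iface_net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat inside" and iface_net:
            inside.append(iface_net)
        elif m := re.fullmatch(rf"ip route {IP} {IP} {IP}", line):
            routed.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"),
                           ipaddress.ip_address(m[3])))
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            nat_lists.append(m[1])
        elif m := re.fullmatch(rf"access-list (\S+) permit {IP} {IP}", line):
            # ipaddress accepts a Cisco wildcard (host mask) after the slash
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    if inside and not nat_lists:
        return ["no 'ip nat inside source' rule: nothing is translated"]
    # Sources that can arrive on an inside interface: its own subnet plus
    # any network statically routed via a next hop on that subnet.
    sources = inside + [net for net, hop in routed if any(hop in i for i in inside)]
    permitted = [a for name in nat_lists for a in acls.get(name, [])]
    return [f"{s} is not permitted by the NAT access list"
            for s in sources if not any(s.subnet_of(p) for p in permitted)]

# Constructed sample: NAT-relevant lines of the posted main router config.
MAIN = """
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0
 ip address x.x.x.x 255.255.255.252
 ip nat outside
interface Serial1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
ip route 192.168.3.0 255.255.255.0 192.168.2.2
access-list 1 permit 192.168.1.0 0.0.0.255
"""
# The two lines the reply above adds to the main router.
FIX = "ip nat inside source list 1 interface s0 overload\naccess-list 1 permit 192.168.3.0 0.0.0.255\n"
```

`audit_nat(MAIN)` reports the missing translation rule; `audit_nat(MAIN + FIX)` leaves only the 192.168.2.0/24 link subnet unlisted.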
 
Thanks for all your advice.

labsonline was right; the only thing you left out was
access-list 1 permit 192.168.2.0 0.0.0.255
I needed that as well.

 
You don't really need to add that 2.0/24 network. If you were to do a straight traceroute or ping to some destination on the internet from the remote router you would, but that is not really likely. If anything you would do an extended trace or ping using the remote router's ethernet and that network is covered in your ACL on the main router.

HTH,
robert.

 
You might wanna try specifying ip default-gateway from your remote location to Main location

ip default-gateway 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
 
Why are you running RIP 1 in classful mode (summarizing)?

If I were you, I'd use RIP2 in classless, turn off auto-summarization, redistribute the static 0.0.0.0 route into RIP (on the main router) and call it a day.


Are you running PPP on the T1 link (or any line protocol)?
 