Remote office Internet Access?

[SynchMe]

Ok here is my situation. I am setting up a completely new network. I have had my old one in place for ten years so it has been awhile since I did any of this work. I am running an MPLS IP based WAN. I have Cisco 2600 router at a remote office and a Cisco 3745 router at the main office.

The Main office also has the dual internet oonncetion for all of the office to access. It is also on a Cisco 2600.

The Internet router is connected to a Juniper SSG-320m in the untrust interface and the Cisco 3745 is connected from its Fa0/1 to the Juniper Trust interface. The main office network is connected to the Fa0/0 interface on the 3745 router and of course the MPLS IP circuit is in the serial.

The remote office is a simply MPLS IP circuit to the serial and Ethernet0/0 to the LAN.

The problem is I can communicate between both offices, RDP, Ping, etc. But the remote office cannot access the internet. The main office can access the Internet. I can not even do an extended ping from the remote office to any Internet address. It simply dies at the Main offices router fa0/1 interface (which goes to the firewall). I have assumed it was a routing issue but I have tried many different setups and now I am back to where I started. I am going to add the Main office Config and the Remote office config to the post. Can nayone see anything that may be preventing the remote offce from accessing the Internet?

FYI NAT is performed on the Juniper device and the main offices goes through the same router to get to the Internet and can access it fine.

Ceredo#show config
Using 1652 out of 155640 bytes
!
! Last configuration change at 08:49:03 EDT Wed Jun 25 2008
! NVRAM config last updated at 11:34:39 EDT Wed Jun 25 2008
!
version 12.3
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname This is the main site router
!
logging buffered 4096 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
!
!
ip domain list mycompany.com
ip domain name mycompany.com
ip name-server 10.44.0.30
!
!
!
!
!
interface FastEthernet0/0
description Ceredo
ip address 10.44.0.2 255.255.252.0
ip accounting output-packets
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
description Ceredo
ip address 192.168.1.10 255.255.255.252
ip accounting output-packets
service-module t1 timeslots 1-24
!
interface FastEthernet0/1
description Uplink to INternet for all sites
ip address 10.44.40.1 255.255.252.0
ip accounting output-packets
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 150
redistribute static
passive-interface FastEthernet0/1
network 10.0.0.0
network 192.168.1.0
neighbor 192.168.1.9 Serial0/0
no auto-summary
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.44.40.2
ip route 10.44.0.0 255.255.0.0 Serial0/0 192.168.1.9
!
!
no logging trap
logging facility local2
!
line con 0
login
line aux 0
password 7 xxxxxxxxxxxxxxxxxxxxxxx
login
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxxxxxxx
login
!
ntp clock-period 17177044
ntp server 198.82.1.204
ntp server 10.44.0.30 prefer
!
end



========================================================

KCTSCALE#show config
Using 1200 out of 29688 bytes
!
version 12.2
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname This is the remote site router
!
logging buffered 4096 debugging
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
!
!
ip domain-list mycompany.com
ip domain-name mycompany.com
ip name-server 10.44.0.30
!
!
!
!
interface Ethernet0/0
description IP VPN Location 5
ip address 10.44.16.1 255.255.252.0
ip helper-address 10.44.0.30
ip accounting output-packets
full-duplex
!
interface Serial0/0
description IP VPN Location 5
ip address 192.168.1.26 255.255.255.252
ip accounting output-packets
no ip route-cache
no ip mroute-cache
service-module t1 timeslots 1-24
no cdp enable
!
router eigrp 150
redistribute static
network 10.0.0.0
no auto-summary
!
ip default-gateway 192.168.1.25
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0 192.168.1.25
ip http server
!
no logging trap
!
line con 0
login
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login
!
ntp clock-period 17208322
ntp server 198.82.1.204
ntp server 10.44.0.30 prefer
end

 

[mcgruff04]

I don't hink this is a routing issue. Check to see what DNS server is setup on the pc's at the remote office...

 

[jpm121]

What is the reason this:

ip route 0.0.0.0 0.0.0.0 Serial0/0 192.168.1.25

and these:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.44.40.2
ip route 10.44.0.0 255.255.0.0 Serial0/0 192.168.1.9

You're running a routing protocol, I suggest you let it do its job. Set your default route to an IP address, the router knows which interface to use!

Please check out "sh ip route" for additional details.

 

[burtsbees]

You need network 192.168.1.0/24 in the remote eigrp statement. Also, I would specify masks, and include all networks, and not just supernet (well, summarize) the routes. This defeats the purpose of "no auto-summary".

Burt

 

[Minue]

Hello
Do you have a NAT statement for the remote subnet on the Juniper device?

Regards

 

[SynchMe]

Ok I will explain...

I thought I had closed this thread but I must not have click the Post button.

I will address all of the responses.

I am on MPLS IP VPN Circuits. Which neither technology is new to me or the industry but the combination of the two is different.

The issue ended up being with the ISP not having EIGRP setup on their end.



>>>I don't hink this is a routing issue. Check to see what >>>DNS server is setup on the pc's at the remote office...

DNS is good

>>>What is the reason this:

>>>ip route 0.0.0.0 0.0.0.0 Serial0/0 192.168.1.25

>>>and these:

>>>ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.44.40.2
>>>ip route 10.44.0.0 255.255.0.0 Serial0/0 192.168.1.9

Even though I use EIGRP for the routing protocol I still need the IP Route 0.0.0.0 0.0.0.0 due to the ISP. It is required for this type of network. Why, I do not know. It makes no since to me. Now that I have had them setup the EIGRP on their end I can probably remove it. But, if it is not broke do not fix it. Plus my time constraints right now are preventing me from taking the time to do this. The IP route 10.44.0.0 255.255.0.0 was simply for troubleshooting purposes.


>>>You need network 192.168.1.0/24 in the remote eigrp >>>statement. Also, I would specify masks, and include all >>>networks, and not just supernet (well, summarize) the >>>routes. This defeats the purpose of "no auto-summary".

Not actually needed. It is 192.16.1.0/30 for the MPLS network. Auto-Summary is not needed due to not using IP Class. Auto-Summary is a default setting for Cisco and very rarely needs to be used anymore. From what I understand Cisco very rarely changes default settings.

>>>Do you have a NAT statement for the remote subnet on >>>the Juniper device?

NAT, Policies and Interfaces were setup correctly.


Again unfortnately all of my and your troubleshoointg was for not because the ISP had their end configured incorrectly. I spent many days banging my head over this.

I would like to thank everyone for their posts. These forums have been invaluable to me over the past couple of months. I have been building a completely new network from scratch while running the old netowrk at the same time. My old network had been in place for 10 years so besides troubleshoointg from time to time I never had to touch my routers. It is amazing how much can be forgotten.

Thanks again everyone!!!