Routing advice

[mikev80]

I just took over management of a LAN with the following subnet 10.10.10.0, with a gateway of 10.10.10.1, used as a VPN gateway to other networks. The devices on the existing network needs to communicate to one computer that's in a new subnet that I'm implementing, 192.168.0.0. The computer has the ip address 192.168.0.100 and the cisco router's ip is 192.168.0.1. The third interface on the cisco will have ip 10.10.10.2 so it can connect to the existing subnet.

I don't have access to the VPN gateway on the existing network, we would like to leave that alone.

I'm thinking of changing the gateway ip address of the devices on the existing network to 10.10.10.2. Add two static routes:
ip route 192.168.0.100 255.255.255.0 FastEthernet0/0 (which is 192.168.0.1)
ip route 10.10.10.0 255.255.255.0 FastEthernet0/1 (which is 10.10.10.2)

Is this the best method? Any comments or suggestions? TIA

 

[IPKONFIG]

I don't think your going to get the results your looking for here. If you have an existing LAN in the 10.10.10.x range and the gateway is .1 to "other networks" and you want to put in another router with an address of 10.10.10.2 and have it also connected to your new subnet of 192.168.0.x network, how do you expect the PC's to get to the "other networks" if you change their gateways to .2? The router will not know how to deal with any traffic except the directly connected networks. I think you'll black hole traffic destined for "other networks" or even the internet if it's off the VPN gateway. Maybe if you assigned a wildcard route to point to the VPN gateway...

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[mikev80]

That's true. I guess the easiest way is to just add a static route on the VPN gateway so it knows about the 192.168.0.0 network and send all traffic going there to the cisco router.

 

[IPKONFIG]

That sounds like a better idea and a lot less work.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[mikev80]

yea...the support for that gateway is crap and they're very tight on giving access. anyway, thanks for your input. I was hoping I could do something like "if packets are coming through this interface and destined for 192.168.0.100 go to this interface, for all other traffic go to 10.10.10.1." I guess it's more complicated than that.

 

[IPKONFIG]

If you wanted to do your original idea, you'd just need to point a quad zero network to to the VPN gateway and that would work too. But you'd be better off changing the gateway to see the 192.168.0.X network.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[mikev80]

I thought about that, but that won't work either because the VPN gateway would reject all traffic from the new network, the 192.168.0.0 network.

 

[TravisM]

Just NAT the traffic heading out and the VPN gateway will think it's from the 10.10.10.0 network, if you REALLY wanted to do it.