Routing to internet via point to point T1 1

[slwilson]

I am installing 5 cisco 1721's that are connecting back to a Cisco 2691 with 3 serial interfaces for inbound T1s. The sites are A (2691), B (1721 with Wic2t), C(1721 with Wic2t), D (1721 with Wic1 csu/dsu), E (1721 with Wic1 csu/dsu), and F (1721 with Wic1 csu/dsu). Sites C and E will send all traffic back to Site A for routing to a server on Site A's network or out through its fa0/0 interface to a SonicWall firewall and out to the internet. Site F will send all traffic to site B which will make the decision to route traffic either to Site A or out its own fa0 interface to its own DSL connection to the Internet. There are various problems that I am having am curious for any help here. Here are the problems:

1. From site C to Site A can get to server on Site A's network (10.0.0.10) without problem but cannot route traffic to the internet through fa0/0.

2. From site C to Site B cannot ping the fa0 interface of site B (10.0.6.1) from inside the router at Site C (10.0.3.1) but can ping and telnet to any host on 10.0.6.0 network from any host on the 10.0.3.0 network.

3. Cannot route traffic from Site E to Site A through Site C.

4. Can ping from Site B router interface to Site C router interface and hosts on Site C network but cannot do the reverse from the router interface of site C.

Here are the configs for the sites:

I am not worried about passwords or ip addresses being show as these are all on a private WAN network that cannot be accessed remotely.


Site A

moultrie2691#show conf
Using 1248 out of 57336 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname moultrie2691
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$SOBr$BCkxCunYfXb2Z6RHpejer1
enable password cemc-cisco
!
no aaa new-model
ip subnet-zero
!

no ftp-server write-enable
!

interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
speed auto
full-duplex
no mop enabled
!
interface Serial0/0
description Moultrie to Valdosta Link
ip address 192.168.100.1 255.255.255.252
no fair-queue
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
description Moultrie to Tifton Link
ip address 192.168.100.5 255.255.255.252
!
interface Serial0/2
description Moultrie to Adel Link
ip address 192.168.100.9 255.255.255.252
!
interface Serial0/3
no ip address
shutdown
clockrate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.254
ip route 10.0.3.0 255.255.255.0 Serial0/2
ip route 10.0.4.0 255.255.255.0 Serial0/0
ip route 10.0.5.0 255.255.255.0 Serial0/2
ip route 10.0.6.0 255.255.255.0 Serial0/0
ip route 10.0.7.0 255.255.255.0 Serial0/1
ip http server
!

line con 0
line aux 0
line vty 0 4
password cisco
login
!
!
end

Site B

valdosta1721#show conf
Using 1116 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname valdosta1721
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$G2Mp$HprsNiCj0niaz3QhM7BSh.
enable password cemc-cisco
!
no aaa new-model
ip subnet-zero
!

ip name-server 205.152.53.252
ip name-server 205.152.37.254
ip name-server 205.152.0.20
ip cef
no scripting tcl init
no scripting tcl encdir
!
interface FastEthernet0
ip address 10.0.6.1 255.255.255.0
speed auto
half-duplex
!
interface Serial0
description Moultrie to Valdosta Link
ip address 192.168.100.2 255.255.255.252
no fair-queue
!
interface Serial1
description Valdosta to Quitman Link
ip address 192.168.100.17 255.255.255.252
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.6.254
ip route 10.0.0.0 255.255.255.0 Serial0
ip route 10.0.4.0 255.255.255.0 Serial1
no ip http server
!
control-plane
!
line con 0
line aux 0
password sts8875
modem InOut
transport input all
autoselect ppp
speed 115200
flowcontrol hardware
line vty 0 4
password cisco
login
!
no scheduler allocate
!
end

Site C

adel1721#show run
Building configuration...

Current configuration : 819 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname adel1721
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$zjgw$BIOt5.cI0Vcb2D4ptUMP3.
enable password Cemc-Cisco
!
no aaa new-model
ip subnet-zero
!
ip cef
no scripting tcl init
no scripting tcl encdir
!
interface FastEthernet0
ip address 10.0.3.1 255.255.255.0
speed auto
full-duplex
!
interface Serial0
ip address 192.168.100.10 255.255.255.252
no fair-queue
!
interface Serial1
ip address 192.168.100.13 255.255.255.252
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.0.0.0 255.255.255.0 Serial0
ip route 10.0.5.0 255.255.255.0 Serial1
no ip http server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
!
end

Site D

ifton1721#show conf
Using 895 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname tifton1721
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Glo5$CMTM/U50SYns8ub2smPzx.
enable password encryption
!
no aaa new-model
ip subnet-zero
!
ip cef
no scripting tcl init
no scripting tcl encdir
!
interface FastEthernet0
ip address 10.0.7.1 255.255.255.0
speed auto
half-duplex
!
interface Serial0
description Moultrie to Tifton Link Circuit ID
ip address 192.168.100.6 255.255.255.252
fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.7.254
ip route 10.0.0.0 255.255.255.0 Serial0
no ip http server
!
control-plane
!
line con 0
line aux 0
password sts8875
login
modem InOut
transport input all
speed 115200
flowcontrol hardware
line vty 0 4
password cisco
login
!
no scheduler allocate
!
end

Site E

nashville1721#show conf
Using 772 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nashville1721
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9BD4$UjqdJ6Qk0vDaf0xkFADLN/
enable password encryption
!
no aaa new-model
ip subnet-zero
!
ip cef
no scripting tcl init
no scripting tcl encdir
!
interface FastEthernet0
ip address 10.0.5.1 255.255.255.0
speed auto
full-duplex
!
interface Serial0
ip address 192.168.100.14 255.255.255.252
fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
control-plane
!
line con 0
line aux 0
password wordup
login
modem InOut
transport input all
speed 115200
flowcontrol hardware
line vty 0 4
password cisco
login
!
!
end

Site F

uitman1721#show conf
Using 850 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname quitman1721
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$NE82$Wzkv0r8E7uMHqw5A2R4yU1
enable password encryption
!
no aaa new-model
ip subnet-zero
!
ip cef
no scripting tcl init
no scripting tcl encdir
!
interface FastEthernet0
ip address 10.0.4.1 255.255.255.0
speed auto
half-duplex
!
interface Serial0
description Valdosta to Quitman Circuit ID 50DHZX553133
ip address 192.168.100.18 255.255.255.252
fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
control-plane
!
line con 0
line aux 0
password sts8875
login
modem InOut
transport input all
speed 115200
flowcontrol hardware
line vty 0 4
password cisco
login
!
no scheduler allocate
!
end

Please advise of any config problems and because this is only about the 3rd or 4th Cisco setup i have done, I would still consider myself a newbie and will take all suggestions that are offered. Sorry about the lengthy post but i thought the more info the better. Hope someone can help. Thanks in advance

Scott

 

[pmesjar]

1. From site C to Site A can get to server on Site A's network (10.0.0.10) without problem but cannot route traffic to the internet through fa0/0.

10.0.0.254 router should be doing NAT, but since you are using private addresses, I assume you know this and your NAT is setup correctly. According to your config listings, traffic should be routed right, but have you considered traffic flow in opposite direction, from Internet to site C? Are acls or any firewall set up correctly to pass traffic from Internet to your internal network to site C? Also static route "ip route 10.0.0.0 255.255.255.0 Serial0" is of no use in your set up, you can safely remove it from Adel.

2. From site C to Site B cannot ping the fa0 interface of site B (10.0.6.1) from inside the router at Site C (10.0.3.1) but can ping and telnet to any host on 10.0.6.0 network from any host on the 10.0.3.0 network.

Lets take a look at your static routes (I'll number them for the reference):
1.) ip route 0.0.0.0 0.0.0.0 10.0.6.254
2.) ip route 10.0.0.0 255.255.255.0 Serial0
3.) ip route 10.0.4.0 255.255.255.0 Serial1

According to static route 2, pinging from source hosts behind 10.0.3.0 will be routed back correctly by Valdosta, but according to default route 1, pinging directly from router Adel will fail, because router will pick an IP address 192.168.100.10 as source address of pings and when pings are received by Valdosta, they will be sent to 10.0.6.254. According to your configs I can't figure out where this IP address is configured on, but shouldn't this route be configured like this?:

ip route 0.0.0.0 0.0.0.0 Serial0

I have found similar situation on Site D:
ip route 0.0.0.0 0.0.0.0 10.0.7.254

should not say ip route 0.0.0.0 0.0.0.0 Serial0 ?

You can try extended ping and exactly specify the source address of ping packets. Just issue "ping" on router command prompt without any parameter, follow the questions and on the line Extended commands (or something similar) press y. The next question is about source IP address.

3. Cannot route traffic from Site E to Site A through Site C.

According to your static route configurations, for source addresses from Site E 10.0.5.0 it should work, but will not work for 192.168.100.14. I would verify your routing tables along the way from Site E - Site C - Site A, whether the correct routes are present.

4. Can ping from Site B router interface to Site C router interface and hosts on Site C network but cannot do the reverse from the router interface of site C.

I guess you will find the answer to this in your question 2

Hope this helps

Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk

 

[slwilson]

Thank you for your reply. I guess I should have clarified about the routes that are 10.0.x.254. In those sites they have their own internet circuit and are routing default traffic to the internet firewall at their site. That is why the default routes in those sites are pointing to the 10.0.x.254 address.

On question 1, NAT is setup correctly but the firewall is something that was in place before this project was started and I did not install it. I will have to configure some static routes in it in order to get traffic back to the correct locations. This is a lower priority issue than the passing of traffic between sites on the other questions. The 192.168.100.x ip addresses are the ip addresses of the the serial interfaces on the WAN links. I will try the extended ping suggestion, that should help me find my holes. I will look at the rest of your suggestions and try to see where my routing is lacking. If you see anything else please let me know. Thanks again for your help.

Scott Wilson

 

[pmesjar]

If you will need any more help, please give me a copy of the output from "show ip route" from all of your routers. This is the first thing you have to verify when trying to check wheteher the routers are routing correctly.

But I see from the reply you want to add some more static routes. Isn't it time to switch to dynamic routing? It is whole lot easier to administer.

Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk

 

[slwilson]

Don't know enough about dynamic routing to implement. Would love to if possible. and here are the show ip routes from the routers that are in the field as of today.

Site A

10.0.0.0/24 is subnetted, 6 subnets
S 10.0.3.0 is directly connected, Serial0/2
C 10.0.0.0 is directly connected, FastEthernet0/0
S 10.0.6.0 is directly connected, Serial0/0
S 10.0.7.0 is directly connected, Serial0/1
S 10.0.4.0 is directly connected, Serial0/0
S 10.0.5.0 is directly connected, Serial0/2
192.168.100.0/24 is variably subnetted, 10 subnets, 2 masks
S 192.168.100.13/32 is directly connected, Serial0/2
S 192.168.100.14/32 is directly connected, Serial0/2
C 192.168.100.8/30 is directly connected, Serial0/2
S 192.168.100.10/32 is directly connected, Serial0/2
C 192.168.100.4/30 is directly connected, Serial0/1
S 192.168.100.6/32 is directly connected, Serial0/1
C 192.168.100.0/30 is directly connected, Serial0/0
S 192.168.100.2/32 is directly connected, Serial0/0
S 192.168.100.17/32 is directly connected, Serial0/0
S 192.168.100.18/32 is directly connected, Serial0/0
S* 0.0.0.0/0 [1/0] via 10.0.0.254

Site B

Gateway of last resort is 10.0.6.254 to network 0.0.0.0

10.0.0.0/24 is subnetted, 5 subnets
S 10.0.3.0 is directly connected, Serial0
S 10.0.0.0 is directly connected, Serial0
C 10.0.6.0 is directly connected, FastEthernet0
S 10.0.7.0 is directly connected, Serial0
S 10.0.5.0 is directly connected, Serial0
192.168.100.0/30 is subnetted, 1 subnets
C 192.168.100.0 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 10.0.6.254

Site C

Gateway of last resort is 10.0.3.254 to network 0.0.0.0

10.0.0.0/24 is subnetted, 5 subnets
C 10.0.3.0 is directly connected, FastEthernet0
S 10.0.0.0 is directly connected, Serial0
S 10.0.6.0 is directly connected, Serial0
S 10.0.7.0 is directly connected, Serial0
S 10.0.4.0 is directly connected, Serial0
192.168.100.0/30 is subnetted, 1 subnets
C 192.168.100.8 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 10.0.3.254

Site D

Gateway of last resort is 10.0.7.254 to network 0.0.0.0

10.0.0.0/24 is subnetted, 6 subnets
S 10.0.3.0 is directly connected, Serial0
S 10.0.0.0 is directly connected, Serial0
S 10.0.6.0 is directly connected, Serial0
C 10.0.7.0 is directly connected, FastEthernet0
S 10.0.4.0 is directly connected, Serial0
S 10.0.5.0 is directly connected, Serial0
192.168.100.0/30 is subnetted, 1 subnets
C 192.168.100.4 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 10.0.7.254

hope that helps you see my errors and I would love to know how to setup some dynamic routing. Thanks again for your help

Scott Wilson

 

[pmesjar]

Right now I cannot spot anymore problems. Try my suggestions first then let me know. Also you have forgot to give me the output of Site E and F routing table.

Setting basic dynamic routing is easy. For such small network as yours (5-6 routers) RIPv2 should be enough. On all your routers do the following:

Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network NETWORK-ADDRESS

the network statement should be issued for all directly connected subnets to your router, eg. on site E:

network 10.0.0.0
network 192.168.100.0

After verifying the connectivity you can safely get rid of all your static routes except for default routes, that is routes in form of 0.0.0.0 0.0.0.0

If you want to go deeper into dynamic routing protocols, I would suggest go and buy yourself a book for around 50$ and I recommend CiscoPress titles - little more expensive but worth it.

Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk

 

[slwilson]

thanks and I will try that on the routers later this week. Didn't give you the site e and site f routing tables because they are not installed yet. They will be installed later this week. I will let you know how it all works out. Thanks again for all of your suggestions.

Scott Wilson

 

[slwilson]

Have implemented the rip v2 on all routers and that appears to be working but am now realizing that the reason why traffic is not getting out to the internet is that NAT is not able to handle the traffic from the remote sites, how can i let the cisco NAT the traffic from the remote sites so that the gateways recognize them as local to that network. Please advise.

Scott Wilson

 

[pmesjar]

In the post I have emailed you, I asked for routing tables. But I think you want me to show you example config for NAT on your Internet gateways, is that right? If yes, give one of your gateway router example config - mainly IP addressing of all interfaces and indicate which interface is connected to Internet and which is connected to inside networks (you can XX the addresses or change them to anything else - then I'll just use them in NAT example).

Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk