Setting up 2 Cisco Routers for internet (HELP !!!!!)

[lindsey69]

Hey Guys/Girls...
I have had a project thrown into my lap, I must setup two Cisco Routers over a microwave, where The local and remote network must both be able to access the internet. The trick is, that the two networks must not see eachother.
I have a Cisco 2501 and a 2514 Connected through a mircowave system, which spans approximatly 100k. (thats the irrelevant part) The link between the two is connected similar (exacly like) the PPP Serial Connection on the routers. I have these connected as an unumbered IP PPP attached to both Serial0 on each router.
The remote router has an IP of 192.168.10.254, and is connected to the remote network through the AUI port.
The local router has the Private IP of 192.168.0.254, connected to AUI0. The internet is connected to AUI1 with an IP of 192.168.1.1 (I am assuming this as a generic IP for Testing purposes)

Here is the trouble I am runnining into. When telneting throu the Remote router, I am able to ping the local router, but non of the other connecting devices (Local Network and Internet IP)
I then Telnet into (from the remote site) the Local Router, and am able to ping these devices. I can also ping the network on the remote side even if I telnet directly into the local router.
I beleive I am having problems with routing my TCPIP connections but have tried numerous things to get it to work.

Any help would be greatly appreciated, and as soon as possible.

PS. My Boss wants to be able to see the remote newtork, but not allow the remote netowrk to see the local network. like thats possible or is it....

LindS3Y

 

[thethmon]

LindS3Y, can you post the configurations that you're running. Todd Hethmon
thethmon@hethmon.com

 

[lindsey69]

Thanks for your reply Todd. Here is what I have

For the Tommy Router

Interface: Ethernet 0
IP: 192.168.10.254,255.255.255.0
Type: Ethernet
Connected 2: Tommy Network

Interface: Serial 0
IP: IP Unnumvered to Ethernet 0
Type: PPP (Sync Serial)
Connected 2: FSJ

Protocals: Using only TCP/IP

SNMP Enabled
Read Community: public
Read/Write Community: public

For Static Routing I have
Prefix: 192.168.10.0
Prefix Mask: 255.255.255.0
Interface/IP: 192.168.1.254
Admin Distance: 5
Permanent Route: Yes
Dynamic Routing Enabled


Here is the IOS Config

service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Tommy
!
enable password 3311
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to Tommy Netowrk
ip address 192.168.10.254 255.255.255.0
no keepalive
!
interface Serial 0
no shutdown
description connected to FSJ
ip unnumbered Ethernet 0
encapsulation ppp
!
interface Serial 1
no description
no ip address
shutdown
!
router rip
version 2
network 192.168.10.0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 192.168.10.0 255.255.255.0 192.168.1.254 5 permanent
no ip http server
snmp-server community public RO
snmp-server location Tommy Lakes
snmp-server contact
!
line console 0
exec-timeout 0 0
password 3311
login
!
line vty 0 4
password 3311
login
!
end


And The FSJ Router is as follows
Interface: Ethernet 0
IP: 192.168.1.254,255.255.255.0
Type: Ethernet
Connected 2: Internet

Interface: Ethernet 1
IP: 192.168.0.254,255.255.255.0
Type: Ethernet
Connected 2:FSJ Network

Interface: Serial 0
IP: IP Unnumvered to Ethernet 0
Type: PPP (Sync Serial)
Connected 2: Tommy

Protocals: Using only TCP/IP

SNMP Enabled
Read Community: public
Read/Write Community: public

For Static Routing I have
Prefix: 0.0.0.0
Prefix Mask: 0.0.0.0
Interface/IP: Ethernet 0
Admin Distance: 1
Permanent Route: No

Prefix: 192.168.0.0
Prefix Mask: 255.255.255.0
Interface/IP: Ethernet 1
Admin Distance: 1
Permanent Route: Yes

Prefix: 192.168.1.0
Prefix Mask: 255.255.255.0
Interface/IP: Ethernet 1
Admin Distance: 1
Permanent Route: Yes

Prefix: 192.168.10.0
Prefix Mask: 255.255.255.0
Interface/IP: Ethernet 1
Admin Distance: 1
Permanent Route: Yes

Dynamic Routing Enabled


Here is the IOS Configuration for the FSJ router
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname FSJ
!
enable password 3311
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to Internet
ip address 192.168.1.254 255.255.255.0
no keepalive
!
interface Ethernet 1
no shutdown
description connected to FSJ Network
ip address 192.168.0.254 255.255.255.0
keepalive 10
!
interface Serial 0
no shutdown
description connected to Tommy
ip unnumbered Ethernet 0
encapsulation ppp
!
interface Serial 1
no description
no ip address
shutdown
!
router rip
version 2
network 192.168.0.0
passive-interface Ethernet 0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 0
ip route 192.168.0.0 255.255.255.0 Ethernet 1 1 permanent
ip route 192.168.1.0 255.255.255.0 Ethernet 1 1 permanent
ip route 192.168.10.0 255.255.255.0 Ethernet 1 1 permanent
no ip http server
snmp-server community public RO
snmp-server location Fort Saint John
snmp-server contact
!
line console 0
exec-timeout 0 0
password 3311
login
!
line vty 0 4
password 3311
login
!
end


Now for the Static Routing, I was just playing with numbers to see if I am able to connect. It seems like the PPP connection works fine, Using SNMP I am able to telnet into either router from either side, I havn't tried from the internet as of yet.

Let Me know if you have suggestions, thanks again.

 

[l3stuff]

You need to be more specific with the network statement describing the networks. Think administrative distance. Think what the remote router knows about locally: - 192.168.x.x, now what are you advertising to it? 192.168.x.x. It will say, ok, I know what's locally attached, that get's my highest attention, then statics, then IGP's (where any version of RIP is rightfully at the bottom).

Now, 192.169.x.x is part of the RFC 1918 private address space, meaning you cannot use it as a ligitimate address on the public internet unless someone is NATing you into the internet. Now let's assume that is the case, the big thing RIP 2 brings to the table is VLSM's i.e the routing protocol carries masks in its updates so you can be more specific in describing the local and remote interface addresses so the router is not blinded...

Does this help??

 

[nakona]

Well your problem is that one you telnet into a router then you are AT the router.
So whatever router you telnet into is going to be able to "see" his local hosts.

Leastways that's the way it looks.

Anyhow, I guess you might want to figure out in what manner you want to control telnetting.
There are several ways to do it, some I know and some I don't, but I know who to ask if it comes to that.

So you figure out how you want to regulate telnet and there's most likely a way to do it.