Static Routing gone Bad!

[doohder]

Here is what I have for a network layout everything I kinda of in the testing phase right now since all the locations are not connected yet. So here is what I currently have workin I have all the Internal users going through the ISA server by setting the gateway of last resort to the ISA server on the routers which is 10.0.0.2. I have a wireless system that needs to stay a public address so I am trying to set up a static route out to the T1 router to no avail. When I put in static route in such as 0.0.0.0 0.0.0.0 10.1.0.1. It will kick the internal users off going through the ISA server. I guess what I am asking how to I build a static route to the 216.x.x.161 with out affecting the 10.x.x.x users.

 

[doohder]

It gets to the 10.2.0.1 after that won't trace any further. I also tried doing a trace route from the Router its self just get * * * so another thing i tested to was to see if i could ping from the ISA to the User behind GrandRios router. I can ping that far.

 

[SQL2KDBA69]

ok what routes u have in the GR and PLP routers when they got disconnected?

 

[SQL2KDBA69]

also when there disconnect see how far you can ping from behind the grandrios router. start by ping 10.1.0.1 then 10.0.0.1 then 10.7.0.1 then 216.x.x.170 then 216.x.x.166

 

[SQL2KDBA69]

also let me see your router table for GrandRios, PLP and the T1 Routers. use the "sh ip route" command.

 

[doohder]

I can't do anything with the T1 router as far as putting a static command in it cuz then it kicks everyone over here off the internet. but here is the two other ones.

 

[doohder]

with that current config none of the users at grandrios would be able to get out on the net even with default gateway setup as 10.0.0.2(ISA)

 

[SQL2KDBA69]

from those routing tables it look like your RIP is not configured completly. only two routers are send out RIP update and there not reporting all there connected networks

 

[SQL2KDBA69]

Also the T1 router is not sending any RIP updates to PLP. GrandLodge and GrandHotel is not send any RIP update either.

 

[doohder]

i did router rip on all three routers and put in network 10.0.0.0 on each. I can ping every interface from every router.

 

[SQL2KDBA69]

on the T1 router you need :

network 216.x.x


and on the GrandRios u need :

network 216.x.x

 

[doohder]

When I look at the tables I think it is setup right because you look at PLP router. 10.0.0.0 , 10.1.0.0 ,10.7.0.0 are all directly connected to that router some how its routing the 10.2.0.0 network(grandrios)from 10.1.0.2 to 10.0.0.2. GrandRios reaches 10.7.0.0 by routing through PLP router. and it reaches 10.0.0.0 network by going through 10.1.0.1 PLP rotuer.

 

[lgarner]

access-list 1 permit ip 216.x.x.0 0.255.255.255 any
interface <if_name>
ip policy route-map GrandRios
route-map GrandRios permit 10
match ip address 1
set ip next-hop 10.7.0.2

<if_name> is the PLP interface corresponding to 10.1.0.1

That's policy-based routing. Looking at your addresses, it looks like you have the 216.x.x.x network all over the place. NAT might be more what you need.

 

[SQL2KDBA69]

The reason i say that is because PLP dont know about any of the 216.x.x networks. that why i suggest adding these :

on the T1 router you need :

network 216.x.x


and on the GrandRios u need :

network 216.x.x

 

[doohder]

216.x.x.x is ignored by RIP because its a public address and isn't routable.

Lgarner it is kinda messed up that 216.x.x.x is all the leased public address that I have from the ISP they are making me keep a public address for the wireless system. They are also lookin into a solution about it since i got my part workin of routing users through ISA they need to figure out Wireless since the manage it they are just to slow at it.

basically PBR just makes a map of how to get to that other 216.x.x.161 and if its a 10.x.x.x it will take a different path kinda like else if statments in programming?

 

[lgarner]

PBR routes based on your policy, rather than by destination. In this case, you create an ACL which includes traffic from 216.x.x.x to anywhere, and set the next hop for matching traffic to a specific destination. Anything which doesn't match is sent to the one and only default gateway.

"its a public address and isn't routable" is an oxymoron. The real problem here looks like you've got a single network spanning multiple routers. Can you subnet it? Your public segment could use part of your address space, and your wireless systems could use a different part. Then, there's no problem, but you'll still need PBR to get the wireless traffic out via the T1.

 

[KiscoKid]

Didn't realise this same problem was also being discussed in the forum. I've been assisting with it in the IP related forum and I also have recommended the same as lgarner.

You need to use PBR if you want a router to make routing decisions that pverride what is present in the routing table (in this case a default route to the ISA server). Either use the config lgarner has used or the one I suggested in the other forum.

 

[doohder]

lgarner I have my private space with a subnet of 255.255.0.0 .... im still a lil confused i have rip set default gateway as the isa for internal users. and setting up to pbr 216.x.x.x out so it doesn't go throught the isa. I kinda understand how it works. I am not in the office any more so ill give this a try tommorrow.

 

[doohder]

i telneted in from home to try some of this for humor tonight I have no clue where I am spose to enter any of these commands on PLP router this access list stuff i know very little about to i guess you could say I pretty dumb when it comes to cisco. I guess I just need commands for dummies! thanx for the great info so far though!

 

[lgarner]

Try

http://www.brainbuzz.com/articles/get-article.asp?aid=22

and

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm

 

[doohder]

ok I get done with this part.....

route-map GrandRios permit 10
match ip address 1
set ip next-hop 10.7.0.2
I have gotten that part entered I don't know about the rest like ACL's where the heck do implement them.