This Shouldn't Be So Hard

[spock9458]

I have a main office, and we are adding a satellite office, and I am trying to share the DSL Internet located at the main office with both sites. Here is a drawing of my current topology: http://www.sanjuantitle.com/RobsNetTopology.tif

On both Cisco routers I have the following protocol settings:
router rip
version 2.0
network 192.168.0.0
network 192.168.40.0
network 192.168.41.0
no auto-summary

On the "Main" router I have the following static routes:
ip route 192.168.41.0 255.255.255.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 10.1.1.13 (This is out to Internet)

On the "Main" router I have the following "trigger" command for the internet:
ip nat inside source list 101 interface Ethernet0 overload

and the 101 access-list looks like this:
access-list 101 permit ip 192.168.40.0 0.0.0.255 any
access-list 101 permit ip 192.168.41.0 0.0.0.255 any
access-list 101 permit ip 192.168.0.0 0.0.0.255 any

The "show ip route" command on the "Main" router shows:
Gateway of last resort is 10.1.1.13 to network 0.0.0.0

C 192.168.40.0/24 is directly connected, FastEthernet0
S 192.168.41.0/24 [1/0] via 192.168.0.1
10.1.1.0/0 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Ethernet0
C 192.168.0.0/24 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 10.1.1.13

(Note: actual public ip addresses have been changed to protect the innocent)

On the "Satellite" router, I have the following static routes:
ip route 0.0.0.0 0.0.0.0 10.1.1.15 (To try and reach Internet)
ip route 192.168.40.0 255.255.255.0 192.168.0.2
ip route 10.1.1.0 255.255.255.0 192.168.0.2

and on the "Satellite" router, the "show ip route" command reveals the following:
Gateway of last resort is 10.1.1.15 to network 0.0.0.0

S 192.168.40.0/24 [1/0] via 192.168.0.2
C 192.168.41.0/24 is directly connected, FastEthernet0
10.1.1.0/0 is subnetted, 1 subnets
S 10.1.1.0 [1/0] via 192.168.0.2
C 192.168.0.0/24 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 10.1.1.15

(Again, the actual public ip addresses have been changed to protect the innocent)

From the Satellite router, I can ping to 10.1.1.15, but not to 10.1.1.13, and therefore I can't connect to internet from the satellite office. PCs in the Satellite office can also ping to 10.1.1.15 but not to 10.1.1.13.

This has to be a relatively simple problem, and yet no matter what I do, I can't get out to the internet from the Satellite office. All other network communication from the Satellite to the Main works perfectly.

Please help...
Thanks

 

[lgarner]

1. Does the ISP's DSL router have a route to your satellite office via your main router?
2. Change the default route on the satellite router from 10.1.1.15 to 192.168.0.2.

 

[spock9458]

2. Change the default route on the satellite router from 10.1.1.15 to 192.168.0.2.

I did this first.

1. Does the ISP's DSL router have a route to your satellite office via your main router?

No. Can you give me an idea of how to do that? I tried the following line in the Main Router:
ip route 10.1.1.0 255.255.255.0 192.169.0.1
(Of course, I used the actual network address and mask for the ISP DSL Router)

That didn't appear to work, so I probably did that wrong. I would appreciate some more help if anyone can tell me how to do the proper route

Thanks!

 

[plshlpme]

what device is 10.1.1.13 ? (your gateway to the internet)

does it know how to get back to the 192.168.41.0 network?

 

[spock9458]

Yes the device at 10.1.1.13 is the Ethernet connection to the DSL router that was provided by our ISP. I cannot access that router configuration.

I am assuming that this device "knows how" to get back to the 192.168.40.0 network because it is directly connected to the same router?

How would I tell the DSL device how to get back to the 192.168.40.0 network by using commands on either the Main Cisco router or the Satellite Cisco router? Can this be done?

 

[spock9458]

Ooops, my last posting has an error. The last question should be:

How would I tell the DSL device how to get back to the 192.169.41.0 network by using commands on either the MAin Cisco router or the Satellite Cisco router?

Thanks!

 

[lgarner]

You can't.

Check with your ISP. At some point they must have set it up to know that it has to route to 192.168.40.0 via 10.1.1.15, so they may only have to do the same thing for 192.168.41.0.

Alternatively, if the satellite office only needs outbound internet and isn't running servers, you could enable NAT on the main router.

 

[spock9458]

Alternatively, if the satellite office only needs outbound internet and isn't running servers, you could enable NAT on the main router.

The satellite does need ONLY outbound internet, and I do have NAT enabled on Main router. See my original post:

On the "Main" router I have the following "trigger" command for the internet:
ip nat inside source list 101 interface Ethernet0 overload

and the 101 access-list looks like this:
access-list 101 permit ip 192.168.40.0 0.0.0.255 any
access-list 101 permit ip 192.168.41.0 0.0.0.255 any
access-list 101 permit ip 192.168.0.0 0.0.0.255 any

An interesting thing happens when I run a traceroute from a PC at the satellite office to 10.1.1.13 (DSL Router "Internet") the route shows:
1. 192.168.41.201 (FastEth0 on Satellite Cisco)
2. 192.168.0.2 (Ser0 on Main Cisco)
<time out>

But when I run a traceroute to 10.1.1.15 (Eth0 on Main Cisco) it shows this:
1. 192.168.41.201 (FastEth0 on Satellite Cisco)
2. 10.1.1.15 (Eth0 on Main Cisco) (Note: this path does not appear to be going through the Serial connection?)

I'm getting more confused. I must admit that I don't often have to configure routers, so I apologize for seeming like such an idiot. But I REALLY need to get this working soon.

Thanks for any help you can offer.

 

[fartingfrog]

If you can get to the internet from the main, you simply need to have RIP advertise a route to get to the main router from the satellite. The RIP statement is wrong in both routers. 192.168.41.0 does not and should not be in the main router's RIP statement, and 192.168.40.0 does and should not be in the satellite router's RIP statement. You're confusing the poor satellite router! You don't need a static route on the satellite router at all, either. Not with a routing protocol. Personally, I would use EIGRP for the convergence speed and scalability. The NAT statement should only be a concern if you cannot get to the internet from the main router. The RIP statements (which don't even need version 2, since all your ip's are classfull) should only include directly connected routes. From the main router, ...
router rip
net 10.0.0.0 (assuming the 10 dot network is a class a subnet mask---if not, you'll need rip ver 2)
net 192.168.0.0
net 192.168.40.0
Then on the satellite...
router rip
net 192.168.0.0
net 192.168.41.0
That's it. Assuming, again, you can get on the internet from the Main office. You actually could use the 1721 at the main as a dsl router. Good luck.
Oh---if the 10 dot network is a fake to protect the innocent, then it should only be on the internet WAN side of the dsl modem, and on the LAN side it should be a private. If this is the case, make the interface config facing the dsl modem like this
Router(config-int)#ip add dhcp
The dsl modem should do NAT and DHCP on it's own. Good luck.

Tim

 

[spock9458]

Tim,

Thank you, thank you, thank you! That works like a charm! I was aware that I didn't know too much about the RIP statements, I just thought "the more the merrier", I guess.

Anyway, it sounds like you could answer a couple more quick questions for me....

1. If I take the 'version 2' statement out of the RIP settings, will it have any effect on network speed?

2. Will I have any problems switching from the RIP to the EIGRP protocol? (such as network down-time or hardware concerns)

Thanks again for everyone's help, this forum is great!

 

[plshlpme]

the difference between rip version 1 and 2 is that 2 is a classless protocol.. so you can subnet beyond the classfull boundries.. it will not speed up or slow down with your setup.

rip to eigrp would be fairly straightforward the config is the same except you need to specify an AS for your network

http://www.cisco.com/univercd/cc/td...ios120/12cgcr/np1_c/1cprt1/1ceigrp.htm#wp4926

just be sure to use the same AS on all the routers you are configuring with the eigrp protocol.

eigrp is also a classless protocol.

 

[fartingfrog]

plshlpme is absolutely correct. If these two offices are all you are going to have, then you're fine. With RIP, you could actually have up to 254 network devices total, and you could keep RIP ver 1 if you never need more than 254 hosts per subnet. On larger networks, OSPF and EIGRP are preferred not only because of the scalability, but they are not confined to 15 hops and they don't toss around their entire routing table. This can slow down network speed slightly in environments with like 150 routers. You'll never notice this. It happens almost instantaneously, and with only 2 routers, you'll never notice. Like plshlpme said, the only difference between ver 1 and 2 in RIP is classless subnet masks/variable length subnet masks. But leaving the ver 2 statements in is fine. The way you have it now without vlans and all that is nice and simple, and I would just keep it that way. Glad we could help. Adios.

Tim

 

[spock9458]

HELP one more time, please! I got the router, and the PCs at the Satellite office to ping to the isp dsl router, that means I'm getting out onto the internet. However, I only discovered today that there is no DNS name resolution taking place at the satellite.

I have a private DNS server for our in-house domain, and I added the new network 192.168.41.0 in the reverse lookup section. I added specific A records for both the Main and the Satellite routers.

I have listed in my cisco config the following:
ip name-server 192.168.40.100 (Local DNS server)
ip name-server (isp name server #1)
ip name-server (isp name server #2)

when I ping from the Main router, or from any of the PCs at the Main office, to yahoo.com or any other domain name, I get DNS resolution and successful reply. When I ping to same from Satellite router or PCs in Satellite office, I get no DNS resolution.

Where is the resolution supposted to take place, and how do I get that same resolution for the Satellite office?

Once again, I thank you for your suggestions.

 

[fartingfrog]

Is the ip name-server 192.168.40.100 in the satellite router, main router, or both? If only in the satellite router, get rid of that command in the satellite only. If this solves that problem, then let me know and I will think of a solution. I'm not too hip on servers. It would help to diagnose and troubleshoot if you could post a show run from both routers. Also, try this in the satellite...
Satellite(config)#ip domain-lookup

That should resolve it from the router, anyway. Post the show run. Also, just because you can ping the dsl modem/router does not mean you can ping anything on the other side necessarily. Try to ping the ip of the ISP dns server from a node on the satellite LAN. If you can do this, but can't ping google (yahoo usually sets an acl to deny ping echoes), then do an ipconfig /all on the pc. Is the ISP dns server in there? If not, then set the ip and dns server info statically, then try. If this is the case, look at your dhcp pool config in the router, assuming you are doing dhcp from the router. Like I said, I can be much more helpful if you post a show run. Thanks, and good luck.

Tim

Tim