Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Web Server via Point-to-Point

Status
Not open for further replies.
cyberjanitor

cyberjanitor

IS-IT--Management
Dec 26, 2006
6
0
0
US
Hi,

We have two locations connected with a 4 T1 IMA point-to-point config.
Each location also has it's own internet T1. One of the buildings has
a web server on it's firewall's dmz. We would like to access that
server from the other site over the point-to-point connection, rather
than the internet T1, but I'm not sure how to route that. When I try
to route the web servers address with something like "ip route x.x.x.x
255.255.255.255 ATM1/IMA0.1" a traceroute shows it stopping at
10.1.1.2. I would appreciate any help I can get on setting this up.
Here's some of each router's config:

Site #1 with web server (public ip x.x.x.x on dmz)

interface Ethernet0/0
ip address 172.16.1.1 255.255.255.0
half-duplex
!
interface ATM1/IMA0
no ip address
no atm ilmi-keepalive
!
interface ATM1/IMA0.1 point-to-point
ip address 10.1.1.2 255.255.255.252
pvc 10/101
encapsulation aal5snap
!
!
router eigrp 20
network 172.16.1.0
network 192.168.1.0
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.254 255.255.255.0 ----> (LAN port
of firewall with server on DMZ)
ip route 192.168.1.0 255.255.255.0 ATM1/IMA0.1

Site #2

interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
half-duplex
!
interface ATM1/IMA0
no ip address
no atm ilmi-keepalive
!
interface ATM1/IMA0.1 point-to-point
ip address 10.1.1.1 255.255.255.252
pvc 10/101
encapsulation aal5snap
!
!
router eigrp 20
network 172.16.1.0
network 192.168.1.0
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254 255.255.255.0 ----> (LAN
port of firewall)
ip route 172.16.251.0 255.255.255.0 ATM1/IMA0.1

Thanks
 
Sort by date Sort by votes
your not running eigrp over the atm.. so does the other router have a route back to the 172.16.1.0 network?

i suspect your static route is wrong in site#2
 
Upvote 0 Downvote
You're right. There's a typo on that route. The router config for site #2 actually has the route as 172.16.1.0 255.255.255.0 ATM1/IMA0.1 . So how do I add a route to send traffic from site #2 to site #1's web server's public ip x.x.x.x instead of sending it through site 1's default gateway? When I used "ip route x.x.x.x 255.255.255.255 ATM1/IMA0.1", it didn't work. Is that wrong, or is the inappropriate eigrp config possibly causing a problem?
 
Upvote 0 Downvote
is router #1 your webservers default gateway?
and router #2 the hosts at the other sites default gateway?

if not then you need to let those devices know about these more specific routes..


if it were a linux firewall for example you'de need soemthing like
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.10.1.1

let me know if that helps at all.
 
Upvote 0 Downvote
Sorry. A network diagram would have been helpful. Both sites have sonicwall firewalls, and both sites have cisco routers handling the point to point connection. Each site has it's own cisco router as it's default gw and the cisco router sends internet traffic to the sonicwall and everything else to the point to point. I'm trying to route that one particular public address through the ptp for faster access to the web server.
 
Upvote 0 Downvote
So I added ip route x.x.x.x 255.255.255.255 atm1/ima0.1. A traceroute from a workstation at site 2 showed the trace stopping at the far side subinterface 10.10.10.2. Shortly thereafter people at site 2 were whining that they no longer had access to the web server (of course I don't know anything about it). So how do I get the traffic to take the next hop to 172.16.1.254?
 
Upvote 0 Downvote
This sounds like what plshlpme predicted when he was talking about putting a static route on the server. It's getting to the router we know it can get there. But, perhaps once it gets to the server it can't get back.

Or, maybe it's getting there, but wanting to go back a different way. You could do debug ip icmp
and observe if traffic going to the web server is sending icmp replies or not.
 
Upvote 0 Downvote
Hey Dan---I saw a post of yours about Peter Packet...that was a good one, and perhaps fitting here?

Burt
 
Upvote 0 Downvote
I misread plhlpme's question. The default gw for the web server is the isp's router, rather than the same cisco gw that everyone on the lan points to. So it does seem possible that the packets would get to the web server and not make it back. So I would need to add a static route on the web server to send anything destined for site #2 to the site #1 gw to forward to site #2, correct? It's a windoze server so I would do "route add 192.168.1.0 255.255.255.0 172.16.1.254" if I'm understading this.
 
Upvote 0 Downvote
Immediately after my last post it occurred to me that the route I was going to add to the windows server needed to be added to the sonicwall instead. The sonicwall had no route back to the site 2 network. As soon as I added the route,
they all lived happily ever after. Thanks a lot plshlpme and helpdeskdan for clearing the fog. I love this forum.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
90
bdk76
bdk76
Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
71
Luzbel
Luzbel
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
101
madwok
madwok
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
87
BIS
BIS
DTGMI
  • Locked
  • Question
Moving from Juniper SRX-240 to Cisco ??
Replies
0
Views
61
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top