Solved

Should I use static or Dyn routing for 2 sites using P2P T1?

Posted on 2003-12-09
Last Modified: 2010-04-11
Ok Expert Fam I got a good one this week.

Here it is.  
2 Networks that are connected via P2P T1.  Each Site has a 2611XM
LAN A
FE0/0 192.168.1.0 /24
FE0/1 65.X.X.1
S/0 192.168.100.1 /30

There is a firewall on the LAN A side
PIX 506E
E0/0 205.X.X.1
E0/1 192.168.1.1

LAN B
FE0/0 192.168.2.0 /24
S0/0 192.168.100.2 /30
Router will serve up DHCP

Here is the Need
All 192.168.1.0 Traffic needs internet access
All 192.168.2.0 traffic on the far end needs internet access
Need to make sure that firewall still does the job of protection.
____________________________________________________________________________
Should I use dyn. routing protocol or static routing?  
Here is the Config I have so far

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname XXXXXXXX
!
enable secret 5 $1$NA2L$nQ6ZbzfFGt1GEDo1ZuZik1
enable password
!
ip subnet-zero
!
!
interface FastEthernet0/0
 ip address 192.168.1.80 255.255.255.0
 speed auto
 half-duplex

interface Serial0/0
 no shutdown
 description connected to XXXXXX
 service-module t1 clock source line
 service-module t1 data-coding normal
 service-module t1 remote-loopback full
 service-module t1 framing esf
 service-module t1 linecode b8zs
 service-module t1 lbo none
 service-module t1 remote-alarm-enable
 ip address 192.168.100.1 255.255.255.252
 encapsulation ppp

!
interface FastEthernet0/1
 ip address 205.X.X.80 255.255.0.0
 speed auto
 half-duplex
!
ip classless
ip http server
ip pim bidir-enable
!
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community RO
line con 0
line aux 0
line vty 0 4
 password
 login
!
!
end

I need help in making sure these 2 sides talk to one another.
Thanks
D  
Question by:deasem
8 Comments
 

Expert Comment

by:brianrance
ID: 9906750
If I am correct in assuming that subnet 192.168.2.0 is routed to 192.168.1.0 then to firewall and out, then I'd say that you should set up static route records for the network.  Unless you have a relatively large network with lots of subnets (e.g. 4 or more routers), static should be adequate (as long as you don't plan on changing your network architecture too much).  Besides, if you enable Dynamic routing, your network will have to deal with RIP routing updates flying around.  Dynamic is easier to maintain though.  I think it comes down to how much time you have and if your network can stand another device (or 2) sending update packets out.

Basically:
Static= little harder to configure, medium difficulty to maintain, requires less network overhead.
Dynamic= easier to startup, easier to maintain, requires more network overhead.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9906954
Assuming your setup is something like this:

Internet ->PIX-->LANA-->router-->T1-->router-->LANB

All you need on LANB router is a static default, all users on LANB point to the router as their default gateway (192.168.2.x):
!
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!

On LANA router, you need a route to LANB and a default to the PIX:
!
ip route 192.168.2.0 255.255.255.0 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!

All users on LANA point their default gateway to the router's E0 address: 192.168.1.80

Make sure the PIX is also set up with a route back to 192.168.2.0:
PIX:
route inside 192.168.2.0 255.255.255.0 192.168.1.80

and make sure this subnet is included in the nat (inside) statement...

0
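
The static routes from the reply above can be checked before they go on the routers. This is an added example, not part of any poster's reply: it models each device as a plain longest-prefix-match table (a simplification that ignores PIX NAT and xlate handling), and the device labels and the host 192.168.2.10 are constructed for the sketch.

```python
import ipaddress

# Static routes as given in the thread: (prefix, next hop). Next-hop names are
# labels invented for this sketch; "connected" means directly attached.
ROUTES = {
    "lanb-router": [("192.168.2.0/24", "connected"),
                    ("192.168.100.0/30", "connected"),
                    ("0.0.0.0/0", "lana-router")],      # via 192.168.100.1
    "lana-router": [("192.168.1.0/24", "connected"),
                    ("192.168.100.0/30", "connected"),
                    ("192.168.2.0/24", "lanb-router"),  # via 192.168.100.2
                    ("0.0.0.0/0", "pix")],              # via 192.168.1.1
    "pix":         [("192.168.1.0/24", "connected"),
                    ("192.168.2.0/24", "lana-router"),  # route inside ... 192.168.1.80
                    ("0.0.0.0/0", "internet")],
}

def next_hop(table, dst):
    """Longest-prefix match; returns None when no route covers dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def trace(routes, start, dst, max_hops=8):
    """Follow next hops from `start` until delivery, the Internet, or a drop."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(routes[node], dst)
        if hop is None:
            return path + ["drop"]
        if hop == "connected":
            return path + ["delivered"]
        path.append(hop)
        if hop not in routes:        # left the modelled devices (Internet side)
            return path
        node = hop
    return path + ["loop"]

def without_pix_return_route(routes):
    """Same tables, minus the PIX 'route inside 192.168.2.0' line."""
    pix = [r for r in routes["pix"] if r[0] != "192.168.2.0/24"]
    return dict(routes, pix=pix)

if __name__ == "__main__":
    print(trace(ROUTES, "lanb-router", "66.218.71.198"))
    print(trace(ROUTES, "pix", "192.168.2.10"))
    print(trace(without_pix_return_route(ROUTES), "pix", "192.168.2.10"))
```

The third trace shows why the route back on the PIX matters: without it, replies for 192.168.2.x match only the firewall's default route and never reach LAN B.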
 

Author Comment

by:deasem
ID: 9907366
lrmoore
The only other question I have is
If I point all users to the E0 on the Router to be the default gateway, then at what point will the 192.168.1.X users get NATed when they try to get out to the internet?

so  I guess I'm going to have something like this
LANA
ip route 192.168.2.0 255.255.255.0 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.1.1

LANB
ip route 0.0.0.0 0.0.0.0 192.168.100.1

Firewall
route inside 192.168.2.0 255.255.255.0 192.168.1.80
nat (inside) 1 192.168.2.0 255.255.255.0 0 0
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
0

 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 9908084
>at what point will the 192.168.1.X users get NATed when they try to get out to the internet.
When they go out through the PIX..
UserPC - defaults to router IP
Router defaults to PIX
Router will "redirect" local traffic to the PIX for anything other than the networks it knows about
Router will "route" remote traffic to the PIX for any destination not local

You got it on the configs...

0
 

Expert Comment

by:brianrance
ID: 9908189
lrmoore has it:

Say PC 192.168.1.x wants yahoo.com (66.218.71.198)

192.168.1.x Asks Router1 "Can you send this request to 66.218.71.198?"
Router1 thinks "I don't know where that is, so I'll send it to my default route, Router2"
Router1 asks Router2 "Can you send this request to 66.218.71.198 for me?"
Router2 says "That's not any of my listed subnets, I'll send it to my default route"
Router2 asks Firewall "can you send this to 66.218.71.198"
Firewall says sure, and sends it out, where the router-jumping process continues until a router knows how to connect to 66.218.71.198, and then retrieves info and sends it back the path it came in on.

As long as each default gateway points towards the right device, you should be golden

*This was an oversimplified explanation.
0
 

Author Comment

by:deasem
ID: 9908689
You guys are the best.  Thanks again.  I can't wait until tomorrow to get this thing off the ground.  One last thing,
if anybody can answer this.
Since I have the firewall, there is no need for me to place any access-list on the router unless I want to block from 192.168.2.1 network?

Thanks again
D
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9908760
You can use an access-list on the router, but it's not really necessary unless you want to restrict these two subnets from talking to each other...

Unless you mean the router in front of the PIX. In  that case, you can if you want. I have a whole list of AsiaPAC subnets blocked at the router so my firewall never has to deal with them..
0
 

Author Comment

by:deasem
ID: 9908901
That's about it.. Thanks again for your help.
0
