Solved

Should I use static or Dyn routing for 2 sites using P2P T1?

Posted on 2003-12-09
Last Modified: 2010-04-11
Ok Expert Fam I got a good one this week.

Here it is.  
2 Networks that are connected via P2P T1.  Each Site has a 2611XM
LAN A
FE0/0 192.168.1.0 /24
FE0/1 65.X.X.1
S0/0 192.168.100.1 /30

There is a firewall on the LAN A side
PIX 506E
E0/0 205.X.X.1
E0/1 192.168.1.1

LAN B
FE0/0 192.168.2.0 /24
S0/0 192.168.100.2 /30
Router will serve up DHCP

Here is the Need
All 192.168.1.0 Traffic needs internet access
All 192.168.2.0 traffic on the far end needs internet access
Need to make sure that firewall still does the job of protection.
____________________________________________________________________________
Should I use dyn. routing protocol or static routing?  
Here is the Config I have so far

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname XXXXXXXX
!
enable secret 5 $1$NA2L$nQ6ZbzfFGt1GEDo1ZuZik1
enable password
!
ip subnet-zero
!
!
interface FastEthernet0/0
 ip address 192.168.1.80 255.255.255.0
 speed auto
 half-duplex

interface Serial0/0
 no shutdown
 description connected to XXXXXX
 service-module t1 clock source line
 service-module t1 data-coding normal
 service-module t1 remote-loopback full
 service-module t1 framing esf
 service-module t1 linecode b8zs
 service-module t1 lbo none
 service-module t1 remote-alarm-enable
 ip address 192.168.100.1 255.255.255.252
 encapsulation ppp

!
interface FastEthernet0/1
 ip address 205.X.X.80 255.255.0.0
 speed auto
 half-duplex
!
ip classless
ip http server
ip pim bidir-enable
!
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community RO
line con 0
line aux 0
line vty 0 4
 password
 login
!
!
end

I need help in making sure these 2 sides can talk to one another.
Thanks
D  
0
Question by:deasem
8 Comments
 

Expert Comment

by:brianrance
ID: 9906750
If I am correct in assuming that subnet 192.168.2.0 is routed to 192.168.1.0 then to firewall and out, then I'd say that you should set up static route records for the network.  Unless you have a relatively large network with lots of subnets (e.g. 4 or more routers), static should be adequate (as long as you don't plan on changing your network architecture too much).  Besides, if you enable Dynamic routing, your network will have to deal with RIP routing updates flying around.  Dynamic is easier to maintain though.  I think it comes down to how much time you have and if your network can stand another device (or 2) sending update packets out.

Basically:
Static= little harder to configure, medium difficulty to maintain, requires less network overhead.
Dynamic= easier to startup, easier to maintain, requires more network overhead.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9906954
Assuming your setup is something like this:

Internet ->PIX-->LANA-->router-->T1-->router-->LANB

All you need on LANB router is a static default, all users on LANB point to the router as their default gateway (192.168.2.x):
!
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!

On LANA router, you need a route to LANB and a default to the PIX:
!
ip route 192.168.2.0 255.255.255.0 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!

All users on LANA point their default gateway to the router's E0 address: 192.168.1.80

Make sure the PIX is set up also with a route back to 192.168.2.0:
PIX:
route inside 192.168.2.0 255.255.255.0 192.168.1.80

and make sure this subnet is included in the nat (inside) statement...

0
 

Author Comment

by:deasem
ID: 9907366
lrmoore
The only other question I have is
If I point all users to the E0 on the Router to be the default gateway, then at what point will the 192.168.1.X users get NATed when they try to get out to the internet?

so  I guess I'm going to have something like this
LANA
ip route 192.168.2.0 255.255.255.0 192.168.100.2
ip route 0.0.0.0 0.0.0.0 192.168.1.1

LANB
ip route 0.0.0.0 0.0.0.0 192.168.100.1

Firewall
route inside 192.168.2.0 255.255.255.0 192.168.1.80
nat (inside) 1 192.168.2.0 255.255.255.0 0 0
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
0

 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 9908084
>at what point will the 192.168.1.X users get NATed when they try to get out to the internet.
When they go out through the PIX..
UserPC - defaults to router IP
Router defaults to PIX
Router will "redirect" local traffic to the PIX for anything other than the networks it knows about
Router will "route" remote traffic to the PIX for any destination not local

You got it on the configs...

0
 

Expert Comment

by:brianrance
ID: 9908189
lrmoore has it:

Say PC 192.168.1.x wants yahoo.com (66.218.71.198)

192.168.1.x Asks Router1 "Can you send this request to 66.218.71.198?"
Router1 thinks "I don't know where that is, so I'll send it to my default route, Router2"
Router1 asks Router2 "Can you send this request to 66.218.71.198 for me?"
Router2 says "That's not any of my listed subnets, I'll send it to my default route"
Router2 asks Firewall "can you send this to 66.218.71.198"
Firewall says sure, and sends it out, where the router-jumping process continues until a router knows how to connect to 66.218.71.198, and then retrieves info and sends it back the path it came in on.

As long as each default gateway points towards the right device, you should be golden

*This was an oversimplified explanation.
0
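The hop-by-hop path described in the answers above, as an added example that is not part of the original thread: a Python longest-prefix-match simulation of the three static route tables, checking that LAN B's Internet traffic crosses the PIX and what changes if the PIX lacks its route back to 192.168.2.0. The device names, the host 192.168.2.10 and the PIX's outside default are assumptions.

```python
import ipaddress

# Static routes from the thread, per device: (prefix, next hop). A next hop of
# None means directly connected. The PIX outside default ("INTERNET") is an
# assumption standing in for its ISP gateway, which the thread does not give.
TABLES = {
    "routerB": [("192.168.2.0/24", None), ("192.168.100.0/30", None),
                ("0.0.0.0/0", "192.168.100.1")],
    "routerA": [("192.168.1.0/24", None), ("192.168.100.0/30", None),
                ("192.168.2.0/24", "192.168.100.2"),
                ("0.0.0.0/0", "192.168.1.1")],
    "pix":     [("192.168.1.0/24", None),
                ("192.168.2.0/24", "192.168.1.80"),
                ("0.0.0.0/0", "INTERNET")],
}
# Which device owns each next-hop address used above.
OWNER = {"192.168.100.1": "routerA", "192.168.100.2": "routerB",
         "192.168.1.1": "pix", "192.168.1.80": "routerA"}

def lookup(device, dst, tables):
    """Longest-prefix match; returns the next hop, or None if connected."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in tables[device]
               if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{device}: no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(start, dst, tables=TABLES, max_hops=8):
    """Return the devices a packet to dst visits, starting at start."""
    path, device = [start], start
    for _ in range(max_hops):
        nh = lookup(device, dst, tables)
        if nh is None:
            return path + ["delivered"]
        if nh == "INTERNET":
            return path + ["internet"]
        device = OWNER[nh]
        path.append(device)
    raise RuntimeError("routing loop: " + " -> ".join(path))

def without_route(tables, device, prefix):
    """Copy of tables with one static route removed, to test a failure mode."""
    copy = {d: list(routes) for d, routes in tables.items()}
    copy[device] = [r for r in copy[device] if r[0] != prefix]
    return copy
```

Removing the PIX's `route inside 192.168.2.0` entry makes the reply path for LAN B fall through to the outside default, so LAN B loses Internet access even though its outbound packets still reach the firewall.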
 

Author Comment

by:deasem
ID: 9908689
You guys are the best.  Thanks again.  I can't wait until tomorrow to get this thing off the ground.  One last thing.
If anybody can answer this.
Since I have the firewall, there is no need for me to place any access-list on the router unless I want to block from 192.168.2.1 network?

Thanks again
D
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9908760
You can use an access-list on the router, but it's not really necessary unless you want to restrict these two subnets from talking to each other...

Unless you mean the router in front of the PIX. In that case, you can if you want. I have a whole list of AsiaPAC subnets blocked at the router so my firewall never has to deal with them..
0
 

Author Comment

by:deasem
ID: 9908901
That's about it.. Thanks again for your help.
0

Question has a verified solution.
