Solved

Connecting 2 remote sites via PTP T1.  Unable to access one of the 2 sites networks.

Posted on 2004-04-19
Last Modified: 2013-11-16
I currently have 2 sites connected via a PTP T1.  The routers' names are MDF-POP-NC “Cisco 2610” and MDF-PTP-SC “Cisco 2610”.  The site where MDF-POP-NC resides is filtered using a Watch Guard 700.  The Watch Guard is not equipped with a csu/dsu so the router MDF-POP-NC is at the POP.  I need both sites filtered and I do not want to route traffic through my Watch Guard from MDF-POP-NC creating double the traffic and reducing my usable bandwidth.  I have a 3rd router MDF-PTP-NC “Cisco 2611” I want to use to bring traffic into that site from MDF-PTP-SC.  So the desired route traffic would take would be MDF-PTP-SC to MDF-PTP-NC to Watch Guard to MDF-POP-NC.  Currently all traffic at the site where MDF-POP-NC resides is filtered through the Watch Guard.  I have the router MDF-PTP-NC configured and tested it this weekend.  When in place I can ping all interface addresses of MDF-PTP-SC and addresses internal to that site's network from MDF-PTP-NC.  From MDF-PTP-SC I can ping all interface addresses of MDF-PTP-NC but no internal addresses to that network.  
Here is the configuration of both routers less Login methods and passwords.
hostname MDF-PTP-SC
!
ip subnet-zero
ip host MDF-POP-NC 0.0.0.0 0.0.0.0  "Edited External address's"
ip host MDF-PTP-SC 172.16.1.1 10.10.10.2
ip host MDF-PTP-NC 192.168.1.7 10.10.10.1
!
interface Ethernet0/0
 ip address 172.16.1.1 255.255.0.0
 no ip directed-broadcast
!
interface Serial0/0
 ip address 10.10.10.2 255.255.255.252
 no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 192.168.0.0 255.255.0.0 10.10.10.1
no ip http server
!
access-list 1 permit 167.58.253.0 0.0.0.255
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 7 permit 0.0.0.0
access-list 50 deny   0.0.0.0
access-list 50 permit any
access-list 70 deny   10.0.0.0 0.255.255.255
access-list 70 deny   172.16.0.0 0.15.255.255
access-list 70 deny   192.168.0.0 0.0.255.255
access-list 70 permit any
access-list 80 deny   0.0.0.0
access-list 80 deny   10.0.0.0 0.255.255.255
access-list 80 deny   172.16.0.0 0.15.255.255
access-list 80 deny   192.168.0.0 0.0.255.255
access-list 80 permit any
access-list 101 deny   udp any any eq snmp
access-list 101 deny   udp any any eq snmptrap
access-list 101 permit ip any any
snmp-server engineID local 00000009020000014208EBE0
snmp-server enable traps snmp

hostname MDF-PTP-NC
!
ip subnet-zero
no ip domain-lookup
ip host MDF-POP-NC 0.0.0.0 0.0.0.0  "Edited External address's"
ip host MDF-PTP-SC 172.16.1.1 10.10.10.2
ip host MDF-PTP-NC 192.168.1.7 10.10.10.1
!
no ip bootp server
!
interface Ethernet0/0
 ip address 192.168.1.7 255.255.0.0
 no ip directed-broadcast
!
interface Serial0/0
 ip address 10.10.10.1 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
!
interface Ethernet0/1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial0/1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2  
   "192.168.1.2 = WatchGuard Firewall/Filter "forwards Traffic to Router MDF-POP-NC""
   All internet traffic at that location is filtered.

ip route 172.16.0.0 255.255.0.0 10.10.10.2
no ip http server
!
end
Question by:PosCon
Accepted Solution

by:
PennGwyn earned 500 total points
ID: 10861809
PTP-NC is available on that network at 192.168.1.7.  But the WatchGuard is on that network at 192.168.1.2, and that's where the clients on that network are pointing for their default gateway.  So their ping responses to PTP-SC are getting sent to the WatchGuard and dropped.

You need PTP-NC to be the default gateway for the 192.168.x.x LAN, with ITS default route pointed at the WatchGuard.

Simplest fix:
Move the WG to 192.168.1.7, put PTP-NC on 192.168.1.2, and change the default route on PTP-NC to

ip route 0.0.0.0 0.0.0.0 192.168.1.7

Better fix:
Put a private network (10.10.10.4/30?) between PTP-NC's Ethernet0/1 port and the WG's ethernet port (which will need an address on that private net instead of on  192.168.x.x).
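
The return-path failure described in the accepted answer, as an added example that is not part of the original thread: a small longest-prefix-match simulation of the posted routing tables that traces the ping request and the reply separately. Assumptions: `NC-host` (192.168.1.50) is a constructed LAN client, the WatchGuard is modelled as having no route toward the T1 side, and the fix is modelled by pointing the client's default gateway at PTP-NC's address, which has the same effect as the address swap suggested above.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return the next hop, "direct", or None (no route)."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(lan_gateway):
    """Topology from the thread; lan_gateway is the NC clients' default gateway."""
    return {
        "PTP-SC": ({"172.16.1.1", "10.10.10.2"}, [
            ("172.16.0.0/16", "direct"), ("10.10.10.0/30", "direct"),
            ("192.168.0.0/16", "10.10.10.1"), ("0.0.0.0/0", "10.10.10.1")]),
        "PTP-NC": ({"192.168.1.7", "10.10.10.1"}, [
            ("192.168.0.0/16", "direct"), ("10.10.10.0/30", "direct"),
            ("172.16.0.0/16", "10.10.10.2"), ("0.0.0.0/0", "192.168.1.2")]),
        # Assumption: the firewall has no route toward the T1 side, so it drops.
        "WatchGuard": ({"192.168.1.2"}, [("192.168.0.0/16", "direct")]),
        # Constructed client on the 192.168 LAN.
        "NC-host": ({"192.168.1.50"}, [
            ("192.168.0.0/16", "direct"), ("0.0.0.0/0", lan_gateway)]),
    }

def trace(nodes, src, dst):
    """Follow one packet hop by hop; return (path, "delivered" or "dropped")."""
    owner = {a: n for n, (addrs, _) in nodes.items() for a in addrs}
    node = owner[src]
    path = [node]
    for _ in range(8):  # hop limit guards against routing loops
        if dst in nodes[node][0]:
            return path, "delivered"
        hop = lookup(nodes[node][1], dst)
        node = owner.get(dst if hop == "direct" else hop)
        if node is None:
            return path, "dropped"
        path.append(node)
    return path, "dropped"

def ping(nodes, src, dst):
    """A ping succeeds only if both the request and the reply are delivered."""
    return (trace(nodes, src, dst)[1] == "delivered"
            and trace(nodes, dst, src)[1] == "delivered")

if __name__ == "__main__":
    for gw in ("192.168.1.2", "192.168.1.7"):  # before and after the fix
        n = build(gw)
        print(gw, ping(n, "10.10.10.2", "192.168.1.50"),
              trace(n, "192.168.1.50", "10.10.10.2"))
```

The request reaches the LAN host in both cases; only the reply path changes, which is why pings to PTP-NC's own 192.168.1.7 interface worked while pings to hosts behind it did not.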


Author Comment

by:PosCon
ID: 10863162
OK, I am not seeing how this will fix my problem.  I understand "You need PTP-NC to be the default gateway for the 192.168.x.x LAN, with ITS default route pointed at the WatchGuard".  
When I say I was issuing a ping command I mean from the router.  I was able to ping all PTP-NC interfaces from PTP-SC but nothing on the 192.168 network except interface e0/0 192.168.1.7.  

Author Comment

by:PosCon
ID: 10893045
I appreciate any help someone can give me!  I am at a loss why I cannot ping the 192.168 network.

Author Comment

by:PosCon
ID: 11050556
PennGwyn,

I understand what you were saying now.  That fixed the ping problem.  I had to add a network route for the 172. network into WatchGuard to get internet traffic routed to that network also.  

I have one more problem.  I cannot ping by hostname from the 172 network to the 192 network.  I need to join a Server in the 172 network to the Domain in the 192 network.  Do you have any suggestions?  After I get the server joined to the domain I should be good.  Again thanks for your response and forgive my ignorance in the above reply.

Author Comment

by:PosCon
ID: 11051409
I added a host name to an ip address mapping entry on my  PTP-SC router and I can ping that specific hostname from the router now.  I still cannot ping the same host name from a workstation that has its default gateway pointed to PTP-SC.  The host name I mapped is the DNS server on the 192 network.  I have the DNS Server entry on my Local Area Connection on a workstation pointed to the same DNS server that I mapped on the router and I can access the internet with no problems.  