PosCon
Connecting 2 remote sites via PTP T1. Unable to access one of the 2 sites' networks.
I currently have 2 sites connected via a PTP T1. The routers' names are MDF-POP-NC “Cisco 2610” and MDF-PTP-SC “Cisco 2610”. The site where MDF-POP-NC resides is filtered using a Watch Guard 700. The Watch Guard is not equipped with a CSU/DSU, so the router MDF-POP-NC is at the POP. I need both sites filtered and I do not want to route traffic through my Watch Guard from MDF-POP-NC, creating double the traffic and reducing my usable bandwidth. I have a 3rd router, MDF-PTP-NC “Cisco 2611”, that I want to use to bring traffic into that site from MDF-PTP-SC. So the desired route traffic would take would be MDF-PTP-SC to MDF-PTP-NC to Watch Guard to MDF-POP-NC. Currently all traffic at the site where MDF-POP-NC resides is filtered through the Watch Guard. I have the router MDF-PTP-NC configured and tested it this weekend. When in place I can ping all interface addresses of MDF-PTP-SC and addresses internal to that site's network from MDF-PTP-NC. From MDF-PTP-SC I can ping all interface addresses of MDF-PTP-NC but no internal addresses on that network.
Here is the configuration of both routers less Login methods and passwords.
hostname MDF-PTP-SC
!
ip subnet-zero
ip host MDF-POP-NC 0.0.0.0 0.0.0.0 "Edited External address's"
ip host MDF-PTP-SC 172.16.1.1 10.10.10.2
ip host MDF-PTP-NC 192.168.1.7 10.10.10.1
!
interface Ethernet0/0
ip address 172.16.1.1 255.255.0.0
no ip directed-broadcast
!
interface Serial0/0
ip address 10.10.10.2 255.255.255.252
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 192.168.0.0 255.255.0.0 10.10.10.1
no ip http server
!
access-list 1 permit 167.58.253.0 0.0.0.255
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 7 permit 0.0.0.0
access-list 50 deny 0.0.0.0
access-list 50 permit any
access-list 70 deny 10.0.0.0 0.255.255.255
access-list 70 deny 172.16.0.0 0.15.255.255
access-list 70 deny 192.168.0.0 0.0.255.255
access-list 70 permit any
access-list 80 deny 0.0.0.0
access-list 80 deny 10.0.0.0 0.255.255.255
access-list 80 deny 172.16.0.0 0.15.255.255
access-list 80 deny 192.168.0.0 0.0.255.255
access-list 80 permit any
access-list 101 deny udp any any eq snmp
access-list 101 deny udp any any eq snmptrap
access-list 101 permit ip any any
snmp-server engineID local 00000009020000014208EBE0
snmp-server enable traps snmp

hostname MDF-PTP-NC
!
ip subnet-zero
no ip domain-lookup
ip host MDF-POP-NC 0.0.0.0 0.0.0.0 "Edited External address's"
ip host MDF-PTP-SC 172.16.1.1 10.10.10.2
ip host MDF-PTP-NC 192.168.1.7 10.10.10.1
!
no ip bootp server
!
interface Ethernet0/0
ip address 192.168.1.7 255.255.0.0
no ip directed-broadcast
!
interface Serial0/0
ip address 10.10.10.1 255.255.255.252
no ip directed-broadcast
no ip mroute-cache
no fair-queue
!
interface Ethernet0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
! 192.168.1.2 = WatchGuard Firewall/Filter "forwards Traffic to Router MDF-POP-NC"
! All internet traffic at that location is filtered.
ip route 172.16.0.0 255.255.0.0 10.10.10.2
no ip http server
!
end
ASKER
I appreciate any help someone can give me! I am at a loss why I cannot ping the 192.168 network.
ASKER
PennGwyn,
I understand what you were saying now. That fixed the ping problem. I had to add a network route for the 172. network into WatchGuard to get internet traffic routed to that network also.
I have one more problem. I cannot ping by hostname from the 172 network to the 192 network. I need to join a Server in the 172 network to the Domain in the 192 network. Do you have any suggestions? After I get the server joined to the domain I should be good. Again thanks for your response and forgive my ignorance in the above reply.
ASKER
I added a host name to an ip address mapping entry on my PTP-SC router and I can ping that specific hostname from the router now. I still cannot ping the same host name from a workstation that has its default gateway pointed to PTP-SC. The host name I mapped is the DNS server on the 192 network. I have the DNS Server entry on my Local Area Connection on a workstation pointed to the same DNS server that I mapped on the router and I can access the internet with no problems.
ASKER
When I say I was issuing a ping command I mean from the router. I was able to ping all PTP-NC interfaces from PTP-SC but nothing on the 192.168 network except interface e0/0 192.168.1.7.
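A return-path check for the topology in this thread, as an added example that is not part of the original posts: it models the static routes from the two posted configs and follows a packet and its reply hop by hop using longest-prefix match. The WatchGuard and host route tables, the host default gateway of 192.168.1.2, the address 192.168.1.50 and the next hop chosen for the added 172.16.0.0/16 route are assumptions for illustration.

```python
import ipaddress

# Connected and static routes taken from the two posted router configs.
# WATCHGUARD and HOST-NC are assumed tables (not shown in the thread):
# each has only its connected LAN plus a default route.
TABLES = {
    "MDF-PTP-SC": [("172.16.0.0/16", "connected"), ("10.10.10.0/30", "connected"),
                   ("192.168.0.0/16", "MDF-PTP-NC"), ("0.0.0.0/0", "MDF-PTP-NC")],
    "MDF-PTP-NC": [("192.168.0.0/16", "connected"), ("10.10.10.0/30", "connected"),
                   ("172.16.0.0/16", "MDF-PTP-SC"), ("0.0.0.0/0", "WATCHGUARD")],
    "WATCHGUARD": [("192.168.0.0/16", "connected"), ("0.0.0.0/0", "MDF-POP-NC")],
    "HOST-NC":    [("192.168.0.0/16", "connected"), ("0.0.0.0/0", "WATCHGUARD")],
}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table]
    matches = [(net, hop) for net, hop in nets if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` toward `dst`; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        if node not in tables:          # e.g. handed to the Internet router
            return path, "left the modelled network"
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "no route"
        if hop == "connected":
            return path, "delivered"
        path.append(hop)
        node = hop
    return path, "loop"

def with_watchguard_route(tables):
    """Copy of `tables` with a 172.16.0.0/16 route added on the firewall
    (next hop MDF-PTP-NC is an assumption)."""
    fixed = dict(tables)
    fixed["WATCHGUARD"] = [("172.16.0.0/16", "MDF-PTP-NC")] + tables["WATCHGUARD"]
    return fixed

if __name__ == "__main__":
    print("request:", trace(TABLES, "MDF-PTP-SC", "192.168.1.50"))
    print("reply, before:", trace(TABLES, "HOST-NC", "172.16.1.1"))
    print("reply, after: ", trace(with_watchguard_route(TABLES), "HOST-NC", "172.16.1.1"))
```

The request is delivered in both cases; only the reply path changes, which is why one-way reachability tests from the router can mislead when a firewall sits on the return path.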