Solved

Connecting 2 remote sites via PTP T1. Unable to access one of the 2 sites' networks.

Posted on 2004-04-19
Last Modified: 2013-11-16
I currently have 2 sites connected via a PTP T1. The routers' names are MDF-POP-NC “Cisco 2610” and MDF-PTP-SC “Cisco 2610”. The site where MDF-POP-NC resides is filtered using a Watch Guard 700. The Watch Guard is not equipped with a CSU/DSU, so the router MDF-POP-NC is at the POP. I need both sites filtered and I do not want to route traffic through my Watch Guard from MDF-POP-NC, creating double the traffic and reducing my usable bandwidth.

I have a 3rd router, MDF-PTP-NC “Cisco 2611”, that I want to use to bring traffic into that site from MDF-PTP-SC. So the desired route traffic would take would be MDF-PTP-SC to MDF-PTP-NC to Watch Guard to MDF-POP-NC. Currently all traffic at the site where MDF-POP-NC resides is filtered through the Watch Guard.

I have the router MDF-PTP-NC configured and tested it this weekend. When in place I can ping all interface addresses of MDF-PTP-SC and addresses internal to that site's network from MDF-PTP-NC. From MDF-PTP-SC I can ping all interface addresses of MDF-PTP-NC but no internal addresses to that network.
Here is the configuration of both routers less Login methods and passwords.
hostname MDF-PTP-SC
!
ip subnet-zero
! External addresses edited out
ip host MDF-POP-NC 0.0.0.0 0.0.0.0
ip host MDF-PTP-SC 172.16.1.1 10.10.10.2
ip host MDF-PTP-NC 192.168.1.7 10.10.10.1
!
interface Ethernet0/0
 ip address 172.16.1.1 255.255.0.0
 no ip directed-broadcast
!
interface Serial0/0
 ip address 10.10.10.2 255.255.255.252
 no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 192.168.0.0 255.255.0.0 10.10.10.1
no ip http server
!
access-list 1 permit 167.58.253.0 0.0.0.255
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 7 permit 0.0.0.0
access-list 50 deny   0.0.0.0
access-list 50 permit any
access-list 70 deny   10.0.0.0 0.255.255.255
access-list 70 deny   172.16.0.0 0.15.255.255
access-list 70 deny   192.168.0.0 0.0.255.255
access-list 70 permit any
access-list 80 deny   0.0.0.0
access-list 80 deny   10.0.0.0 0.255.255.255
access-list 80 deny   172.16.0.0 0.15.255.255
access-list 80 deny   192.168.0.0 0.0.255.255
access-list 80 permit any
access-list 101 deny   udp any any eq snmp
access-list 101 deny   udp any any eq snmptrap
access-list 101 permit ip any any
snmp-server engineID local 00000009020000014208EBE0
snmp-server enable traps snmp

hostname MDF-PTP-NC
!
ip subnet-zero
no ip domain-lookup
! External addresses edited out
ip host MDF-POP-NC 0.0.0.0 0.0.0.0
ip host MDF-PTP-SC 172.16.1.1 10.10.10.2
ip host MDF-PTP-NC 192.168.1.7 10.10.10.1
!
no ip bootp server
!
interface Ethernet0/0
 ip address 192.168.1.7 255.255.0.0
 no ip directed-broadcast
!
interface Serial0/0
 ip address 10.10.10.1 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
!
interface Ethernet0/1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial0/1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
! 192.168.1.2 = WatchGuard firewall/filter, which forwards traffic to router MDF-POP-NC.
! All Internet traffic at that location is filtered.
ip route 0.0.0.0 0.0.0.0 192.168.1.2

ip route 172.16.0.0 255.255.0.0 10.10.10.2
no ip http server
!
end
Question by:PosCon
5 Comments
 

Accepted Solution

by:
PennGwyn earned 500 total points
ID: 10861809
PTP-NC is available on that network at 192.168.1.7. But the WatchGuard is on that network at 192.168.1.2, and that's where the clients on that network are pointing for their default gateway. So their ping responses to PTP-SC are getting sent to the WatchGuard and dropped.

You need PTP-NC to be the default gateway for the 192.168.x.x LAN, with ITS default route pointed at the WatchGuard.

Simplest fix:
Move the WG to 192.168.1.7, put PTP-NC on 192.168.1.2, and change the default route on PTP-NC to

ip route 0.0.0.0 0.0.0.0 192.168.1.7

Better fix:
Put a private network (10.10.10.4/30?) between PTP-NC's Ethernet0/1 port and the WG's ethernet port (which will need an address on that private net instead of on 192.168.x.x).

0
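The return-path problem described in the accepted answer, modelled as an added example that is not part of the original thread. The router routes are taken from the posted configs; the LAN host 192.168.1.50, its host routing table, and the ping source address 10.10.10.2 are assumptions, and the fix is modelled as changing which device the LAN hosts use as their default gateway.

```python
import ipaddress

# Who answers for which address. 192.168.1.50 is a constructed LAN host;
# the other addresses come from the configs posted in the question.
OWNER = {ipaddress.ip_address(a): n for a, n in [
    ("172.16.1.1", "MDF-PTP-SC"), ("10.10.10.2", "MDF-PTP-SC"),
    ("192.168.1.7", "MDF-PTP-NC"), ("10.10.10.1", "MDF-PTP-NC"),
    ("192.168.1.2", "WatchGuard"), ("192.168.1.50", "nc-host"),
]}

def tables(host_gateway):
    """Routing tables as (prefix, next hop); 'connected' means on-link."""
    raw = {
        "MDF-PTP-SC": [("172.16.0.0/16", "connected"), ("10.10.10.0/30", "connected"),
                       ("192.168.0.0/16", "MDF-PTP-NC"), ("0.0.0.0/0", "MDF-PTP-NC")],
        "MDF-PTP-NC": [("192.168.0.0/16", "connected"), ("10.10.10.0/30", "connected"),
                       ("172.16.0.0/16", "MDF-PTP-SC"), ("0.0.0.0/0", "WatchGuard")],
        # Assumption: LAN hosts have only a connected route and a default gateway.
        "nc-host": [("192.168.0.0/16", "connected"), ("0.0.0.0/0", host_gateway)],
    }
    return {n: [(ipaddress.ip_network(p), h) for p, h in r] for n, r in raw.items()}

def trace(start, dst, rt):
    """Follow longest-prefix-match hops until dst's owner is reached.
    A node without a table (the WatchGuard) is where the trace ends."""
    dst = ipaddress.ip_address(dst)
    node, path = start, [start]
    while OWNER.get(dst) != node and node in rt and len(path) < 8:
        matches = [(p, h) for p, h in rt[node] if dst in p]
        if not matches:
            break
        hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        node = OWNER.get(dst, "nobody") if hop == "connected" else hop
        path.append(node)
    return path

def ping(src_node, src_ip, dst_ip, rt):
    """A ping succeeds only if the request and the reply both arrive."""
    out = trace(src_node, dst_ip, rt)
    target = OWNER[ipaddress.ip_address(dst_ip)]
    back = trace(target, src_ip, rt) if out[-1] == target else []
    return out, back, bool(back) and back[-1] == src_node

if __name__ == "__main__":
    for gw in ("WatchGuard", "MDF-PTP-NC"):  # LAN default gateway before / after the fix
        for dst in ("192.168.1.7", "192.168.1.50"):
            print(gw, dst, ping("MDF-PTP-SC", "10.10.10.2", dst, tables(gw)))
```

With the WatchGuard as the LAN gateway the request reaches the host but the reply ends at the WatchGuard, while the router's own 192.168.1.7 interface still answers, which matches the symptoms in the question.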
 

Author Comment

by:PosCon
ID: 10863162
OK, I am not seeing how this will fix my problem.  I understand "You need PTP-NC to be the default gateway for the 192.168.x.x LAN, with ITS default route pointed at the WatchGuard".  
When I say I was issuing a ping command I mean from the router.  I was able to ping all PTP-NC interfaces from PTP-SC but nothing on the 192.168 network except interface e0/0 192.168.1.7.  
0
 

Author Comment

by:PosCon
ID: 10893045
I appreciate any help someone can give me!  I am at a loss why I cannot ping the 192.168 network.
0
 

Author Comment

by:PosCon
ID: 11050556
PennGwyn,

I understand what you were saying now.  That fixed the ping problem.  I had to add a network route for the 172. network into WatchGuard to get internet traffic routed to that network also.

I have one more problem.  I cannot ping by hostname from the 172 network to the 192 network.  I need to join a Server in the 172 network to the Domain in the 192 network.  Do you have any suggestions?  After I get the server joined to the domain I should be good.  Again thanks for your response and forgive my ignorance in the above reply.
0
 

Author Comment

by:PosCon
ID: 11051409
I added a host name to an IP address mapping entry on my PTP-SC router and I can ping that specific hostname from the router now.  I still cannot ping the same host name from a workstation that has its default gateway pointed to PTP-SC.  The host name I mapped is the DNS server on the 192 network.  I have the DNS Server entry on my Local Area Connection on a workstation pointed to the same DNS server that I mapped on the router and I can access the internet with no problems.
0

Question has a verified solution.