T1 Point to Point

I have a point to point T1 line from one location to another. They both have a Cisco router on each end. I was asked to install a firewall on a DSL connection so they can create a VPN and get out to the internet because there is no internet connection on the point to point T1 line. The main office has the internet connection but the remote office does not. All 3 Windows servers' gateways point to the point to point T1 router instead of the DSL connection. How can I get at least one server on the DSL gateway without messing up the point to point connection? I need to point the servers towards the DSL connection, which has a SonicWall on the DSL. The client does not want to spend any money on anything except for tech time to get it working with what they have. The remote office does not have any access to the internet.
bsl1234Asked:
netspec01Commented:
pc----switch----firewall----internet
            |
             -----------Cisco router--------> site 2


site 1 with Internet:
servers - default gateway to Internet; add second route for site 2 subnet
PCs (assume DHCP) - default gateway to Internet; push second route for site 2 subnet via router scope option

site 2 with no Internet:
default gateway for servers and PCs is T1


On server/static addressed PCs:
1. change default gateway to new firewall under network settings
2. at command prompt, "route add -p <site 2 network> mask <site 2 subnetmask> <ip address of T1 router>"

PCs:
1. change DHCP scope so that gateway router is firewall
2. add a second router entry for the site2 network  ( I think this is option 3)

Does this help?
0
 
netspec01Commented:
Have you tried this?
0
 
AutoSpongeCommented:
You can give the router a default gateway pointing to the DSL connection using a static route.  This will tell the router at the head office to forward all traffic toward the internet unless he has a specific route.  In order to make sure his more specific routes are there, you'll either need to have all the workstations and servers "connected" (i.e., in the arp table) or statically defined with a more specific route or found via a routing protocol.  If you used a private network to set up your offices (probably did) this can be done with a 10.0.0.0 (or 192.168.0.0) route pointing to a switch/router/firewall which is more specific than the 0.0.0.0 (default gateway).  Otherwise your routing protocol, if you're using one, should do this for you.  If you don't use a third router, don't have an addressable switch, or don't want all that traffic hitting the FW, you can divide your LANs and set the static routes accordingly (either point to the serial or point to the ethernet) or invoke a routing protocol.

Now you have your router open to the internet but you may not be able to reach it from the "inside".  Make sure you turn on NAT on the router and translate your DSL line's address to your internal network.  Once again, your router is all you need.  If you purchase a firewall (higher security option) you can use it to do NAT as well and your default gateway should point to the FW inside address on your LAN as the next hop.

If you don't purchase the FW, make sure that you are current with your knowledge of access-lists and how to block the most common DOS attacks via the ACL.  Keep in mind, you'll also need access lists to prevent LAN users from getting to the Internet if that's not your goal--again the FW is a better choice.

This is a high level plan since you didn't provide very much info about your network or configs.  If you need more details and can't find it, post the head office router config to start with a 'show ip proto' and a 'sho arp' and 'sho ip route' outputs.
0
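The two answers above both rest on the same routing rule: a host (or router) forwards to the most specific matching prefix, so a default route toward the DSL firewall and a narrower route for the site 2 subnet toward the T1 router coexist without conflict. The script below is an added illustration, not code from either answer or from any vendor. It models that longest-prefix lookup, shows the failure mode when only the default route is changed (site 2 traffic would be sent to the firewall, which has no path to the T1), and renders the persistent Windows `route add -p` line from the same data. All addresses (192.168.1.0/24 for site 1, 192.168.2.0/24 for site 2, 192.168.1.1 for the SonicWall, 192.168.1.254 for the T1 router) are constructed assumptions.

```python
"""Longest-prefix-match model of the split-gateway setup discussed above.
Added example; addresses below are constructed and not from the question."""
import ipaddress

# Constructed sample addressing (assumptions, not from the page).
SITE1_LAN = ipaddress.ip_network("192.168.1.0/24")
SITE2_LAN = ipaddress.ip_network("192.168.2.0/24")
FIREWALL_GW = ipaddress.ip_address("192.168.1.1")     # SonicWall inside address on the DSL
T1_ROUTER_GW = ipaddress.ip_address("192.168.1.254")  # site 1 Cisco router LAN address


class RoutingTable:
    """Minimal host routing table: the most specific matching prefix wins."""

    def __init__(self):
        self._routes = []  # list of (network, next_hop)

    def add(self, network, next_hop):
        self._routes.append((ipaddress.ip_network(network),
                             ipaddress.ip_address(next_hop)))

    def lookup(self, dst):
        """Return the next hop for dst, or None if nothing matches.
        Longest prefix wins, exactly as a host or router chooses."""
        dst = ipaddress.ip_address(dst)
        best = None
        for net, hop in self._routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None


def site1_host_table(default_gw=FIREWALL_GW, site2_gw=T1_ROUTER_GW):
    """Table netspec01 describes for a site 1 server: default via the
    firewall plus a persistent route for the site 2 subnet via the T1 router."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", default_gw)   # everything not otherwise known -> DSL firewall
    rt.add(SITE2_LAN, site2_gw)       # /24 beats /0 for site 2 destinations
    return rt


def default_only_table(default_gw=FIREWALL_GW):
    """The mistake to avoid: only the default gateway is changed, so site 2
    traffic is handed to the firewall, which has no path across the T1."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", default_gw)
    return rt


def windows_route_add(network, next_hop):
    """Render the persistent Windows command (route add -p) from the same data."""
    net = ipaddress.ip_network(network)
    return f"route add -p {net.network_address} mask {net.netmask} {next_hop}"


if __name__ == "__main__":
    good, bad = site1_host_table(), default_only_table()
    for dst in ("192.168.2.10", "8.8.8.8"):
        print(f"{dst}: split table -> {good.lookup(dst)}, default-only -> {bad.lookup(dst)}")
    print(windows_route_add(SITE2_LAN, T1_ROUTER_GW))
```

Running it shows 192.168.2.10 going to 192.168.1.254 only when the specific route exists; with the default route alone it goes to the firewall. The same rule explains AutoSponge's point that a 10.0.0.0 or 192.168.0.0 route on the Cisco router is preferred over its 0.0.0.0 default toward the DSL.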
Question has a verified solution.