Solved

T1 Point to Point

Posted on 2004-10-06
Last Modified: 2013-12-12
I have a point-to-point T1 line from one location to another. They both have a Cisco router on each end. I was asked to install a firewall on a DSL connection so they can create a VPN and get out to the Internet because there is no Internet connection on the point-to-point T1 line. The main office has the Internet connection but the remote office does not. All 3 Windows servers' gateways point to the point-to-point T1 router instead of the DSL connection. How can I get at least one server on the DSL gateway without messing up the point-to-point connection? I need to point the servers towards the DSL connection, which has a SonicWall on the DSL. The client does not want to spend any money on anything except for tech time to get it working with what they have. The remote office does not have any access to the Internet.
Question by:bsl1234

Accepted Solution

by:
netspec01 earned 38 total points
pc----switch----firewall----internet
            |
             -----------Cisco router--------> site 2


site 1 with Internet:
servers - default gateway to Internet; add second route for site 2 subnet
PCs (assume DHCP) - default gateway to Internet; push second route for site 2 subnet via router scope option

site 2 with no Internet:
default gateway for servers and PCs is T1


On server/static addressed PCs:
1. change default gateway to new firewall under network settings
2. at command prompt, "route add -p <site 2 network> mask <site 2 subnetmask> <ip address of T1 router>"

PCs:
1. change DHCP scope so that gateway router is firewall
2. add a second router entry for the site 2 network (I think this is option 3)

Does this help?

Expert Comment

by:netspec01
Have you tried this?

Assisted Solution

by:AutoSponge
AutoSponge earned 37 total points
You can give the router a default gateway pointing to the DSL connection using a static route. This will tell the router at the head office to forward all traffic toward the Internet unless he has a specific route. In order to make sure his more specific routes are there, you'll either need to have all the workstations and servers "connected" (i.e., in the ARP table) or statically defined with a more specific route or found via a routing protocol. If you used a private network to set up your offices (probably did), this can be done with a 10.0.0.0 (or 192.168.0.0) route pointing to a switch/router/firewall which is more specific than the 0.0.0.0 (default gateway). Otherwise your routing protocol, if you're using one, should do this for you. If you don't use a third router, don't have an addressable switch, or don't want all that traffic hitting the FW, you can divide your LANs and set the static routes accordingly (either point to the serial or point to the Ethernet) or invoke a routing protocol.

Now you have your router open to the internet but you may not be able to reach it from the "inside".  Make sure you turn on NAT on the router and translate your DSL line's address to your internal network.  Once again, your router is all you need.  If you purchase a firewall (higher security option) you can use it to do NAT as well and your default gateway should point to the FW inside address on your LAN as the next hop.

If you don't purchase the FW, make sure that you are current with your knowledge of access lists and how to block the most common DoS attacks via the ACL. Keep in mind, you'll also need access lists to prevent LAN users from getting to the Internet if that's not your goal--again, the FW is a better choice.

This is a high level plan since you didn't provide very much info about your network or configs.  If you need more details and can't find it, post the head office router config to start with a 'show ip proto' and a 'sho arp' and 'sho ip route' outputs.
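
An added example, not part of either answer above: a small longest-prefix-match model of a server's routing table, showing why the default gateway can move to the DSL firewall as long as a more specific route for the other site still points at the T1 router. All addresses are constructed assumptions (office LANs 192.168.1.0/24 and 192.168.2.0/24, T1 router 192.168.1.1, firewall 192.168.1.254).

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
T1_ROUTER = "192.168.1.1"       # Cisco router on the point-to-point T1
DSL_FIREWALL = "192.168.1.254"  # firewall in front of the DSL line

def build_table(default_gw, static_routes=()):
    """Return a host routing table as (network, next_hop) pairs."""
    table = [(ipaddress.ip_network("192.168.1.0/24"), "on-link"),
             (ipaddress.ip_network("0.0.0.0/0"), default_gw)]
    table += [(ipaddress.ip_network(net), gw) for net, gw in static_routes]
    return table

def next_hop(table, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def misrouted(table, expectations):
    """List destinations whose next hop differs from the intended one."""
    return [dst for dst, want in expectations.items()
            if next_hop(table, dst) != want]

# Where each kind of traffic should go once the change is complete.
INTENDED = {
    "192.168.2.10": T1_ROUTER,    # host at the other office
    "192.168.1.20": "on-link",    # neighbour on the same LAN
    "203.0.113.5": DSL_FIREWALL,  # Internet host (documentation range)
}

# Default gateway still on the T1 router (the starting point).
before = build_table(T1_ROUTER)
# Default gateway moved to the firewall, static route not yet added.
step1_only = build_table(DSL_FIREWALL)
# Both steps done: new default gateway plus the route for the other site.
after = build_table(DSL_FIREWALL, [("192.168.2.0/24", T1_ROUTER)])

if __name__ == "__main__":
    for name, table in [("before", before), ("step 1 only", step1_only),
                        ("after", after)]:
        print(name, "->", misrouted(table, INTENDED) or "all paths as intended")
```

The "step 1 only" table is the state to avoid leaving a server in: inter-office traffic is handed to the firewall instead of the T1 router until the static route is in place.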