Solved

T1 Point to Point

Posted on 2004-10-06
Last Modified: 2013-12-12
I have a point-to-point T1 line from one location to another. They both have a Cisco router on each end. I was asked to install a firewall on a DSL connection so they can create a VPN and get out to the internet because there is no internet connection on the point-to-point T1 line. The main office has the internet connection but the remote office does not. All 3 Windows servers' gateways point to the point-to-point T1 router instead of the DSL connection. How can I get at least one server on the DSL gateway without messing up the point-to-point connection? I need to point the servers towards the DSL connection, which has a SonicWall on the DSL. The client does not want to spend any money on anything except for tech time to get it working with what they have. The remote office does not have any access to the internet.
Question by:bsl1234

Accepted Solution

by:
netspec01 earned 38 total points
ID: 12248665
pc----switch----firewall----internet
            |
             -----------Cisco router--------> site 2


site 1 with Internet:
servers - default gateway to Internet; add second route for site 2 subnet
PCs (assume DHCP) - default gateway to Internet; push second route for site 2 subnet via router scope option

site 2 with no Internet:
default gateway for servers and PCs is T1


On server/static addressed PCs:
1. change default gateway to new firewall under network settings
2. at command prompt, "route add -p <site 2 network> mask <site 2 subnetmask> <ip address of T1 router>"

PCs:
1. change DHCP scope so that gateway router is firewall
2. add a second router entry for the site 2 network (I think this is option 3)

Does this help?

Expert Comment

by:netspec01
ID: 12258481
Have you tried this?

Assisted Solution

by:AutoSponge
AutoSponge earned 37 total points
ID: 12328173
You can give the router a default gateway pointing to the DSL connection using a static route. This will tell the router at the head office to forward all traffic toward the internet unless he has a specific route. In order to make sure his more specific routes are there, you'll either need to have all the workstations and servers "connected" (i.e., in the arp table) or statically defined with a more specific route or found via a routing protocol. If you used a private network to set up your offices (probably did) this can be done with a 10.0.0.0 (or 192.168.0.0) route pointing to a switch/router/firewall which is more specific than the 0.0.0.0 (default gateway). Otherwise your routing protocol, if you're using one, should do this for you. If you don't use a third router, don't have an addressable switch, or don't want all that traffic hitting the FW, you can divide your LANs and set the static routes accordingly (either point to the serial or point to the ethernet) or invoke a routing protocol.

Now you have your router open to the internet but you may not be able to reach it from the "inside".  Make sure you turn on NAT on the router and translate your DSL line's address to your internal network.  Once again, your router is all you need.  If you purchase a firewall (higher security option) you can use it to do NAT as well and your default gateway should point to the FW inside address on your LAN as the next hop.

If you don't purchase the FW, make sure that you are current with your knowledge of access-lists and how to block the most common DoS attacks via the ACL. Keep in mind, you'll also need access lists to prevent LAN users from getting to the Internet if that's not your goal--again the FW is a better choice.

This is a high level plan since you didn't provide very much info about your network or configs.  If you need more details and can't find it, post the head office router config to start with a 'show ip proto' and a 'sho arp' and 'sho ip route' outputs.
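Added example, not part of the thread or any poster's code: a small longest-prefix-match check that shows why the persistent site 2 route from the accepted solution keeps inter-office traffic on the T1 once the default gateway moves to the firewall, the "more specific route" point made in the assisted solution. All addresses are constructed for illustration; substitute the real subnets and gateways.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
SITE1_LAN = "192.168.1.0/24"   # local subnet, directly connected
SITE2_LAN = "192.168.2.0/24"   # remote office reached over the T1
FIREWALL = "192.168.1.1"       # new default gateway on the DSL side
T1_ROUTER = "192.168.1.254"    # Cisco router on the point-to-point T1

def build_table(with_site2_route=True):
    """Return a host routing table as (network, next_hop) pairs."""
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), FIREWALL),   # default route
        (ipaddress.ip_network(SITE1_LAN), "on-link"),    # local LAN
    ]
    if with_site2_route:
        # Same effect as:
        # route add -p 192.168.2.0 mask 255.255.255.0 192.168.1.254
        table.append((ipaddress.ip_network(SITE2_LAN), T1_ROUTER))
    return table

def next_hop(table, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if dest in net]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop

def audit(table, expectations):
    """List (destination, expected, actual) for every mismatched next hop."""
    return [(dst, want, next_hop(table, dst))
            for dst, want in expectations.items()
            if next_hop(table, dst) != want]

# Where each kind of traffic is supposed to leave the host.
EXPECTED = {
    "192.168.2.10": T1_ROUTER,   # site 2 server stays on the private line
    "192.168.1.20": "on-link",   # local host, no gateway involved
    "203.0.113.5": FIREWALL,     # Internet host (documentation range)
}

if __name__ == "__main__":
    print("with site 2 route:   ", audit(build_table(True), EXPECTED))
    print("without site 2 route:", audit(build_table(False), EXPECTED))
```

Without the static route, the audit reports the site 2 destination being handed to the firewall, so private inter-office traffic would head for the Internet-facing device instead of the T1.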