Solved

T1 Point to Point

Posted on 2004-10-06
Last Modified: 2013-12-12
I have a point-to-point T1 line from one location to another. They both have a Cisco router on each end. I was asked to install a firewall on a DSL connection so they can create a VPN and get out to the internet, because there is no internet connection on the point-to-point T1 line. The main office has the internet connection but the remote office does not. All 3 Windows servers' gateways point to the point-to-point T1 router instead of the DSL connection. How can I get at least one server on the DSL gateway without messing up the point-to-point connection? I need to point the servers towards the DSL connection, which has a SonicWall on the DSL. The client does not want to spend any money on anything except for tech time to get it working with what they have. The remote office does not have any access to the internet.
Question by:bsl1234
5 Comments
 
LVL 5

Accepted Solution

by:
netspec01 earned 152 total points
ID: 12248665
pc----switch----firewall----internet
            |
             -----------Cisco router--------> site 2


site 1 with Internet:
servers - default gateway to Internet; add second route for site 2 subnet
PCs (assume DHCP) - default gateway to Internet; push second route for site 2 subnet via router scope option

site 2 with no Internet:
default gateway for servers and PCs is T1


On server/static addressed PCs:
1. change default gateway to new firewall under network settings
2. at command prompt, "route add -p <site 2 network> mask <site 2 subnetmask> <ip address of T1 router>"

PCs:
1. change DHCP scope so that gateway router is firewall
2. add a second router entry for the site2 network (I think this is option 3)

Does this help?
0
 
LVL 5

Expert Comment

by:netspec01
ID: 12258481
Have you tried this?
0
 
LVL 5

Assisted Solution

by:AutoSponge
AutoSponge earned 148 total points
ID: 12328173
You can give the router a default gateway pointing to the DSL connection using a static route.  This will tell the router at the head office to forward all traffic toward the internet unless he has a specific route.  In order to make sure his more specific routes are there, you'll either need to have all the workstations and servers "connected" (i.e., in the arp table) or statically defined with a more specific route or found via a routing protocol.  If you used a private network to set up your offices (probably did) this can be done with a 10.0.0.0 (or 192.168.0.0) route pointing to a switch/router/firewall which is more specific than the 0.0.0.0 (default gateway).  Otherwise your routing protocol, if you're using one, should do this for you.  If you don't use a third router, don't have an addressable switch, or don't want all that traffic hitting the FW, you can divide your LANs and set the static routes accordingly (either point to the serial or point to the ethernet) or invoke a routing protocol.

Now you have your router open to the internet but you may not be able to reach it from the "inside".  Make sure you turn on NAT on the router and translate your DSL line's address to your internal network.  Once again, your router is all you need.  If you purchase a firewall (higher security option) you can use it to do NAT as well and your default gateway should point to the FW inside address on your LAN as the next hop.

If you don't purchase the FW, make sure that you are current with your knowledge of access-lists and how to block the most common DoS attacks via the ACL.  Keep in mind, you'll also need access lists to prevent LAN users from getting to the Internet if that's not your goal--again the FW is a better choice.

This is a high level plan since you didn't provide very much info about your network or configs.  If you need more details and can't find it, post the head office router config to start with a 'show ip proto' and a 'sho arp' and 'sho ip route' outputs.
0
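Both answers above rely on a more specific route overriding the 0.0.0.0 default. The following is an added example, not part of the thread, that applies longest-prefix matching to a server's routing table to show what happens with only the gateway change and with the persistent site 2 route added; all addresses and names are constructed assumptions.

```python
import ipaddress

# Constructed addressing, not from the thread: site 1 LAN 192.168.1.0/24,
# site 2 LAN 192.168.2.0/24, DSL firewall 192.168.1.1, T1 router 192.168.1.254.
FIREWALL, T1_ROUTER, ON_LINK = "192.168.1.1", "192.168.1.254", "on-link"

def parse_routes(rows):
    """Convert (network, mask, gateway) rows, as given to `route add`, to objects."""
    return [(ipaddress.ip_network(f"{net}/{mask}"), gw) for net, mask, gw in rows]

def next_hop(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def misrouted(routes, expected):
    """Return (dest, wanted, actual) for every destination using the wrong gateway."""
    return [(d, want, next_hop(routes, d)) for d, want in expected.items()
            if next_hop(routes, d) != want]

LOCAL = ("192.168.1.0", "255.255.255.0", ON_LINK)
# Step 1 only: default gateway moved to the firewall, no route for site 2 yet.
STEP1_ONLY = parse_routes([LOCAL, ("0.0.0.0", "0.0.0.0", FIREWALL)])
# Steps 1 and 2: default via firewall plus the persistent site 2 route via the T1 router.
BOTH_STEPS = parse_routes([LOCAL, ("0.0.0.0", "0.0.0.0", FIREWALL),
                           ("192.168.2.0", "255.255.255.0", T1_ROUTER)])

EXPECTED = {
    "192.168.1.20": ON_LINK,     # another host on the local LAN
    "192.168.2.10": T1_ROUTER,   # site 2 host must stay on the private T1
    "203.0.113.5": FIREWALL,     # Internet host (documentation range)
}

if __name__ == "__main__":
    for name, table in (("step 1 only", STEP1_ONLY), ("both steps", BOTH_STEPS)):
        print(name, misrouted(table, EXPECTED))
```

With only the gateway change, traffic for site 2 is handed to the Internet-facing firewall instead of the T1 router; the persistent route restores the private path while Internet destinations still leave through the firewall.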

Question has a verified solution.