• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 207
  • Last Modified:

Advice Sharing Internet Connection over segmented network

Hello,

I am doing work for a client who has 2 offices connected by a T1 point to point, connected with a Cisco 1720 on each end. In the main office (192.168.10.x) we have installed a Internet connectiction that we would like the remote office (192.168.5.x) to share the connection. Since the default gateway in the remote office has to be the Cisco routeron it's end, how can the remote office share the connection? What is the best way to do this?

Thanks, Tony
0
dolphan2013
Asked:
dolphan2013
  • 5
  • 3
  • 2
1 Solution
 
vico1CIOCommented:
You will need to add routes on the router (192.168.5.X) to use the internet on the other network (192.168.10.X) once that is done the other nodes should be able to do the same.
0
 
dolphan2013Author Commented:
When I add the route on the router, is it a simple as Route add 192.168.10.0 255.255.255.0 or do i need to direct the trafific to a specific address on 192.168.10.x side? Also, once the change is made on the router, do the clients on the 192.168.5.x side need a new GW address to get to the internet?



Thanks again!
0
 
vico1CIOCommented:
The GW for the 192.168.5.x stays the same:
Example: if the router on 192.168.5.x is the gateway with address 192.168.5.2 (let's call it router A), the clients gateway should stay 192.168.5.2
Now you need to  direct all traffic from From external interface on router A (0.0.0.0   0.0.0.0) to router B . You did not mention the network between Router A and Router B.
example:
Now I don't know if your internet connection is a node on network (192.168.10.0) or an interface on router B I am speculating.

                                 e0                         e1                                            
------------------------|       |---------------|          T1 (x.x.x.0)         |-------------|         |---------------------------|
Network 192.168.5.0|------|Router A      |-----------------------------| Router B   |-------| Network 192.168.10.0 |
------------------------|       |---------------|                                    |-------------|         |--------------------|------|
                                                                                                                                                       |
                                                                                                                                                       |__________________Internet

Hope that helped.
Post more questions.
vico1
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
dolphan2013Author Commented:
Hello,

The Internet connection is a sonicwall firewall, connected to my dsl router on 192.168.10.0

Upon examing the Cisco Point to Point routers here is the info from the main office for the external interface.

!
interface Serial0
ip address 192.168.1.1 255.255.255.252
 encapsulation ppp
 no fair-queue
 service-module t1 clock source internal
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
no ip http server
!



The info from the remote office is similar except of course, the serial IP address is 192.168.1.2, and the ip route is 0.0.0.0 0.0.0.0 192.168.1.1

So there is a route for traffic to come across, this is how our client software communnicates with our server in the main office.



0
 
Gen2003Commented:
Hello

As I see from your config your ADSL has 192.168.1.2 address. Router A (RA) in 192.168.10.X has
192.168.1.1 on serial interface and 192.168.10.X??? on ethernet.

Assume router RA has address 192.168.10.1 on ethernet interface. It suppose to have aanother serial interface Serial1 connected to Router B (RB) on network 192.168.5.X. Assume RB has 192.168.5.1 on it's ethernet interface. Now you have to address PPP link between routers. So give address to Serial 1 on RA and Serial 0 on RB from another net i.e. 192.168.10.X:

RA:
Ethernet (goes to users on 192.168.10.X) - 192.168.10.1 (or whatever it is now)
Serial 0 (goes to ADSL) - 192.168.1.1
Serial 1 (goes to RB) - 192.168.10.1
route 0.0.0.0 0.0.0.0 192.168.1.2

RB:
Ethernet (goes to users on 192.168.5.X) - 192.168.5.1 (or whatever it is now)
Serial 0 (goes to RA) - 198.168.10.2
route 0.0.0.0 0.0.0.0 192.168.10.1

Users on net 192.168.5.X have to have default gateway as 192.168.5.1 (ethernet address of RB)

!!!*** Note. I guess you use NAT on your sonicwall or ADSL modem or somewhere. Make sure to include network 192.168.5.X to NAT table otherwise you will not get response from global net. Also check security policy on firewall as it will probably block everything 'cept 192.168.10.X. Make sure to have 192.168.5.X open as well.

Regards.
0
 
dolphan2013Author Commented:
Hello,
 No the 192.168.1.2 is the Serial interface for RouterB in the remote office.


Sonicwall is on 192.168.10.0 side it has IP of 192.168.10.150
DSL modem has "live" IP address It is not connected directly to either of the Cisco routers.

Router1 RA has the following config
Ehternet address is 192.168.10.1
Serial0 address is 192.168.1.1
route is 0.0.0.0 0.0.0.0 192.168.1.2

Router2 RB has the following config:

Ethernet address is 192.168.5.1
Serial0 address is 192.168.1.2
Route is 0.0.0.0 0.0.0.0 192.168.1.1


Thanks
0
 
Gen2003Commented:
Hey, you have both routers with DG pointing to each other. That's wrong. If RA is in the office which has Internet then point RA's default route to sonicwall's interface (if sonicwall your exit to the internet). so put

route 0.0.0.0 0.0.0.0 192.168.10.150

string on your RA.

Regards.
0
 
dolphan2013Author Commented:
This seems counterintuitive to me. First we have just added the interenet so the routers were pointing to each other so that traffic on each side of the router would go back and forth on each segment (this was set up prior to my working with this client).

Second if i want traffic coming from RB to access the internet that is behind RA, why would I change the route on the RA router to point to it's own side.....

The way i read your suggestion is to change Router A from this:
Ehternet address is 192.168.10.1
Serial0 address is 192.168.1.1
route is 0.0.0.0 0.0.0.0 192.168.1.2

To this:
Ehternet address is 192.168.10.1
Serial0 address is 192.168.1.1
route is 0.0.0.0 0.0.0.0 192.168..10.150

And leave router B as
Ethernet address is 192.168.5.1
Serial0 address is 192.168.1.2
Route is 0.0.0.0 0.0.0.0 192.168.1.1


Sorry, Maybe i am missing something and this is correct.

I will try a couple of chages to the route and see what happens. I am still a little new to the Cisco commands, I know how to get into config mode but if anyone would like to pass along the syntax to alter the existing route, it would be most appreciated.
0
 
Gen2003Commented:
Look RA has users on network 192.168.10.0 and your firewall or any equipment connected to Internet doing NAT knows only this net. It does NOT know how to enterpret packets from 192.168.5.0 network. So add route on that firewall to 192.168.5.0 pointing to RA's ethernet address 192.168.10.1 and make shure NAT process can manage both networks 192.168.10.0 and 192.168.5.0. So firewall must to know how to reach 192.168.5.0 net and packets from 192.168.5.0 must be NATed as well. Now about DG on RA. It points to RB's serial but when 192.168.5.X client want to send packet to the Internet it goes throgh RB then RA and RA will send it back to RB as DG points to RB. Instead RA's DG should point to your firewall (192.168.10.150?) thus forwarding packet futher to the next hop which then will forward it to the Internet.

So:
- change DG on RA
- add static route on RA saying net 192.168.5.0 can be reached through RB
- add static route on firewall saying net 192.168.5.0 can be reached through RA
- make shure NAT will proceed on packets from 192.168.10.0 and 192.168.5.0 nets.

Regards.
0
 
dolphan2013Author Commented:
Thanks much, I will be at the clients site on thursday and will give it a go. My apologies for being s little "slow'. You  help is much appreciated.

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now