Solved

Routing between two different networks - not standard routing.

Posted on 2006-06-07
Last Modified: 2010-04-17
I am trying to get off one network for another - in short, have two separate and distinct networks.  They exist as the following:

Network 1          Network 2
10.210.138.x       10.5.10.x
CSU/DSU            Cisco 1700 w/ CSU/DSU
Cisco 2500         PIX 515E (two interfaces)
Switch             Switch

Basically, I want to maintain the ROUTE for Network 1 for applications looking for 10.210.138.x applications and route all other traffic out to Network 2.  Our consultant explained that we need to know the router information on Network 1, but I said that that is just a part of another network and that the Cisco 2500 is just routing the request from the nodes on Network 1, including internet traffic.  Basically Network 1 is a self-contained network.

Option 1: Add another interface on the PIX 515E, create a NAT for the 10.210.138.X requests and route everything else outbound.  The path back for requests on Network 1 would be maintained since those requests are coming back across the 2500 and hitting the 515E - it knows it is a NAT return and sends it along.  All other traffic is routed through the 10.5.10.X network and no major changes there.

Option 2: Where the switches are now, add another router that would determine what path to take.  The only problem I can see with that is that I am sending a request from a different subnet and the host will send it back to the requestors (let's say 10.5.10.2) on the host network - in other words it will be either ignored or sent to another path.  Unless someone can tell me something different about that router - like that it is wrapping the request or it can do NATing as well, then this option looks meager at best.

For Option 1 - can I add another interface card as another interface and will that work - someone already answered a question about PIX and setting up NATs so I am sure it can do that type of deterministic routing.  

Don't forget, Network 1 is just punched down to a switch - no firewall no nothing.  Computers on that network are given a 10.210.138.x address and the default gateway is set to the network 1 2500 router.

Any help or insight would be greatly appreciated.

Question by:markv114
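
The return-path concern behind Options 1 and 2 in the question, modelled as an added example that is not part of the original post. Only the two /24 prefixes and the requester 10.5.10.2 come from the thread; the gateway, NAT and application addresses, the port numbers and all function names are constructed for illustration.

```python
import ipaddress
from itertools import count

NET1 = ipaddress.ip_network("10.210.138.0/24")   # Network 1, from the question
NET1_GW = "10.210.138.1"      # constructed: LAN address of the Network 1 2500
NAT_ADDR = "10.210.138.250"   # constructed: Network 1 address of the NAT device
CLIENT = "10.5.10.2"          # requester named in the question
APP = "10.210.138.20"         # constructed: application host on Network 1


def first_hop(dst):
    """Forwarding choice of a Network 1 host: on-link delivery or its default gateway."""
    return dst if ipaddress.ip_address(dst) in NET1 else NET1_GW


class NatDevice:
    """Source NAT (PAT) onto NAT_ADDR with a per-flow translation table."""

    def __init__(self):
        self.table = {}                 # translated port -> (inside ip, inside port)
        self.ports = count(20000)

    def outbound(self, src, sport, dst, dport):
        port = next(self.ports)
        self.table[port] = (src, sport)
        return (NAT_ADDR, port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        if dst != NAT_ADDR or dport not in self.table:
            return None                 # not a known NAT return: drop it
        inside_ip, inside_port = self.table[dport]
        return (src, sport, inside_ip, inside_port)


def round_trip(use_nat):
    """Follow one request from CLIENT to APP and the reply on its way back."""
    nat = NatDevice()
    pkt = (CLIENT, 40000, APP, 80)
    if use_nat:
        pkt = nat.outbound(*pkt)
    src, sport, dst, dport = pkt
    reply = (dst, dport, src, sport)    # the server swaps source and destination
    hop = first_hop(reply[2])
    if hop == NET1_GW:
        # The reply leaves via the 2500; delivery depends on routes we cannot see.
        return {"reply_first_hop": hop, "delivered_to": None}
    back = nat.inbound(*reply)
    return {"reply_first_hop": hop, "delivered_to": back[2] if back else None}
```

Without NAT the reply to 10.5.10.2 is handed to the Network 1 default gateway; with NAT the reply is on-link for the Network 1 host and the translation table maps it back to the original requester.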
10 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16854440
One way to do it is policy-based routing. This is not real easy to set up but works very effectively... you can pretty much specify what you want to route: if it can be defined by an access control list, you can route based on it.

It's a little contrived, so to start here is a link...


http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml

Thanks
Scott

Author Comment

by:markv114
ID: 16854573
Thanks again Scott - if I had an interface card on the 515E, can that be designated as another outside interface to be used for that?
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16854610
Could be, but a PIX does not really route, it filters packets.... When I have seen a PIX used in place of a router, generally they do not work optimally... the 1700 router and 2500 should be able to policy route without trouble as long as you are not pushing too much data through them.
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16854629
What version of 1700 is it, and what cards are in it? If it's capable, you should just use an 802.1q trunk to a VLAN-capable switch and then use the 1700 to route both networks' traffic.

Author Comment

by:markv114
ID: 16855216
I wish I could get access to the 1700.  I wanted to replace everything with a 2821 and punch down all the T1s to the 2821.  The problem is, I would need to know the 1700 configuration for LAN, WAN and serial to allow the 2821 to work.  Now I am stuck with everyone sitting on the network and basically the group that set up the network refused to give us an external VPN or expose the 1700 config.  Long story with no real ending - basically trying to make it work for the short-term until I get that point-to-point T1 removed.

The only reason I need that T1 is for internal applications being used on their network.  I know what you are saying and agree that routing should really be done on the router layer - adding a router below won't work because I need the NAT.  Gateway might be an option, but again, same problem.

Could I use Remote Access (computer multi-homed) to act as the ultimate router?  After all, this is short-term.  In other words, computer bridging gap.

Net1   Net2
2500   1700
       PIX
Multi-homed Computer
Switch

You think that might be useable?    
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16855253
Well, I do know that you can use free ones like IPCOP and some of them even have traffic shaping and policy routing packages built into them.

Too bad about the 1700 I could tell you how to get into it and save the config :D

Author Comment

by:markv114
ID: 16860424
Yes, please tell me how to get the config file - it is locked down and we have no control over the box.  We do not want to make changes, per se, we want to examine the config to see the LAN/WAN settings.  That would also enable us to deploy a 2821 which will allow us greater capabilities.

Let me know how to get to that config file.  Thanks.

Author Comment

by:markv114
ID: 16861149
It is not the 1700 we need to get into, it is the 2500, so if you know how to get the config from the 2500, please let me know.

Thanks for all your help.

Mark

Author Comment

by:markv114
ID: 16861193
Note: I have looked up the procedure for changing the password on Cisco, but will that kill the configuration?  Do not want to do that - just want to get the configuration.
LVL 12

Accepted Solution

by:
Scotty_cisco earned 2000 total points
ID: 16861867
Not if done correctly, it will not kill the configuration.... but if done incorrectly, yes it will...

Thanks
scott