Cisco 2811 Integrated Services

Asked by hancke (United States of America)
Topics: Networking, Hardware Firewalls, DNS
I have two 2811 routers that have the 12.4 SEC/K9 IOS. They are currently working in a configuration with 2 locations connected by a T1. Each site has a DSL modem connected to FE 0/1 for Internet access. (ATM interfaces are not used.)
DSL--FE0/1, LAN--FE0/0, T1--S0/0/0 Both Sites
SITE1- 192.128.54.x
SITE2- 192.128.55.x

These are working OK now with a T1 between them.  I now have an ethernet connection between the 2 sites via Paradyne ethernet extenders and want to eliminate the T1.  I have added a secondary IP address 192.128.54.200 to SITE2 FE0/0 and killed the S0/0/0 static routes on both ends.  It shows as directly connected but I cannot get traffic routed between the subnets.  I plugged the Paradyne units into my switches at each end.  I can add a 192.128.54.x IP to my workstation and get to the other side fine.  I just cannot do it via the router.
I'm used to doing this with a separate router and PIX.  This integrated device is driving me nuts.

Current configuration : 5084 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SITE1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2987015394
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2987015394
 revocation-check none
 rsakeypair TP-self-signed-2987015394
!
!
crypto pki certificate chain TP-self-signed-2987015394
 certificate self-signed 01
  3082024C …….67093E5E
  quit
username
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$FW_INSIDE$
 ip address 192.128.54.6 255.255.255.0
 ip access-group 104 in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet0/1
 ip access-group 107 in
 ip inspect SDM_LOW in
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 description $FW_INSIDE$
 ip address 192.168.1.101 255.255.255.0
 ip access-group 100 in
 service-module t1 timeslots 1-24 speed 56
!
interface ATM0/1/0
 ip address dhcp
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 192.128.55.0 255.255.255.0 192.168.1.102
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.128.54.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 107 remark auto generated by SDM firewall configuration
access-list 107 remark SDM_ACL Category=1
access-list 107 deny   ip 192.168.1.0 0.0.0.255 any
access-list 107 deny   ip 192.128.54.0 0.0.0.255 any
access-list 107 permit udp any eq bootps any eq bootpc
access-list 107 permit icmp any any echo-reply
access-list 107 permit icmp any any time-exceeded
access-list 107 deny   ip 10.0.0.0 0.255.255.255 any
access-list 107 permit icmp any any unreachable
access-list 107 deny   ip 192.168.0.0 0.0.255.255 any
access-list 107 deny   ip 172.16.0.0 0.15.255.255 any
access-list 107 deny   ip 127.0.0.0 0.255.255.255 any
access-list 107 deny   ip host 255.255.255.255 any
access-list 107 deny   ip any any log
!
!
control-plane
!
!
banner login
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
--------------------------------------------------------------------------------------
SITE2#

Current configuration : 5073 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SITE2
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1274348666
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1274348666
 revocation-check none
 rsakeypair TP-self-signed-1274348666
!
!
crypto pki certificate chain TP-self-signed-1274348666
 certificate self-signed 01
  3082023F …. A3AFD2
  quit
username
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$FW_INSIDE$
 ip address 192.128.54.200 255.255.255.0 secondary
 ip address 192.128.55.9 255.255.255.0
 ip access-group 103 in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet0/1
 ip access-group 104 in
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 description $FW_INSIDE$
 ip address 192.168.1.102 255.255.255.0
 ip access-group 101 in
 service-module t1 timeslots 1-24 speed 56
!
interface ATM0/1/0
 ip address dhcp
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.254.254 permanent
ip route 192.128.54.0 255.255.255.0 Serial0/0/0 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.128.55.0 0.0.0.255
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny   ip 192.168.1.0 0.0.0.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp any eq bootps any eq bootpc
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip any any log
!
!
control-plane
!
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
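
A route-lookup check for the setup described in the post, as an added example that is not part of the original question or its locked answer: it parses constructed fragments of the two posted configs as they would look after the described change (S0/0/0 static routes removed, secondary address on SITE2) and reports which route each router selects for the other site's subnet. The helper names `routing_table` and `lookup` and the host addresses ending in .10 are assumptions for illustration.

```python
import ipaddress

# Constructed fragments: the posted interface/route lines after the change the
# post describes (S0/0/0 static routes removed, secondary added on SITE2).
# The DHCP-addressed FastEthernet0/1 interface block is left out.
SITE1 = """\
interface FastEthernet0/0
 ip address 192.128.54.6 255.255.255.0
interface Serial0/0/0
 ip address 192.168.1.101 255.255.255.0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
"""
SITE2 = """\
interface FastEthernet0/0
 ip address 192.128.54.200 255.255.255.0 secondary
 ip address 192.128.55.9 255.255.255.0
interface Serial0/0/0
 ip address 192.168.1.102 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.254.254 permanent
"""

def routing_table(config):
    """Return (network, kind, exit) entries from interface addresses and static routes."""
    table, iface = [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            iface = words[1]
        elif words[:2] == ["ip", "address"] and len(words) >= 4 and iface:
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            table.append((net, "connected", iface))
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            table.append((net, "static", words[4]))
    return table

def lookup(config, dest):
    """Longest-prefix match for dest; returns (kind, exit) or None."""
    addr = ipaddress.ip_address(dest)
    hits = [e for e in routing_table(config) if addr in e[0]]
    if not hits:
        return None
    best = max(hits, key=lambda e: e[0].prefixlen)
    return best[1], best[2]

if __name__ == "__main__":
    print("SITE2 -> 192.128.54.10:", lookup(SITE2, "192.128.54.10"))
    print("SITE1 -> 192.128.55.10:", lookup(SITE1, "192.128.55.10"))
```

With these fragments SITE2 reaches 192.128.54.0/24 as directly connected on FastEthernet0/0, while SITE1 matches only its default route out FastEthernet0/1 (the outside, NAT interface) for 192.128.55.0/24.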





