default route on Cisco router with 2 serial interfaces

I have a Cisco router with 2 serial interfaces, one used for interoffice WAN connectivity and one used for an Internet connection. Is there a way to set a default route that is applicable only to the serial interface for the Internet connection? I'm curious how a default route will affect traffic to the interoffice WAN connection. Thanks

cahelmsterAsked:

lrmooreCommented:
You would have two route statements
 ip route 0.0.0.0 0.0.0.0 serial 0/0  <== default interface
 ip route x.x.x.x 255.255.255.0 serial 0/1  <== remote office

Routes take the most bits match so as long as you have a more explicit route to the remote office, it will always take precedence.
0

cahelmsterAuthor Commented:
ok...would the same statements apply if I'm running EIGRP?  Can the remote office route be added without disrupting anything?
0
mikebernhardtCommented:
If you're running EIGRP then presumably this router already has a route to the remote office? If so, don't add the 2nd route that lrmoore gave you; you don't need it. The default route is all you need.
0
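The longest-match selection lrmoore describes, combined with mikebernhardt's point that an EIGRP-learned route to the remote office is enough alongside the default, as an added example that is not part of the original thread. The 10.20.30.0/24 prefix (standing in for x.x.x.x), the test addresses and the function names are constructed; the administrative distances are Cisco's defaults for static (1) and internal EIGRP (90). It also shows where remote-office traffic goes if the EIGRP route is withdrawn.

```python
import ipaddress

# Cisco default administrative distances (lower wins for the SAME prefix only).
AD_STATIC, AD_EIGRP = 1, 90

def build_rib(candidates):
    """Keep one route per prefix: the candidate with the lowest admin distance."""
    rib = {}
    for prefix, iface, ad in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in rib or ad < rib[net][1]:
            rib[net] = (iface, ad)
    return rib

def lookup(rib, dest):
    """Return the egress interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    # Prefix length decides first; admin distance was only a per-prefix tiebreak.
    best = max(matches, key=lambda net: net.prefixlen)
    return rib[best][0]

# Constructed sample table: 10.20.30.0/24 stands in for the remote office.
ROUTES = [
    ("0.0.0.0/0", "Serial0/0", AD_STATIC),     # static default toward the Internet
    ("10.20.30.0/24", "Serial0/1", AD_EIGRP),  # remote office learned via EIGRP
]

def demo():
    rib = build_rib(ROUTES)
    results = {
        # The /24 wins even though its admin distance (90) is higher than 1.
        "remote_office": lookup(rib, "10.20.30.15"),
        "internet": lookup(rib, "198.51.100.7"),
    }
    # WAN link down: the EIGRP route is withdrawn and only the default remains,
    # so remote-office traffic is sent out the Internet-facing interface.
    rib_wan_down = build_rib(ROUTES[:1])
    results["remote_office_wan_down"] = lookup(rib_wan_down, "10.20.30.15")
    return results

if __name__ == "__main__":
    for name, iface in demo().items():
        print(name, "->", iface)
```

The last case is worth checking on a router that carries both links: with no more specific route present, private inter-office destinations follow the default toward the Internet.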
cahelmsterAuthor Commented:
I currently have connectivity to the remote office without any static routes in the config.  I just want to plug in a default route for the Internet connection.
0
mikebernhardtCommented:
Yup, just add the default route then:
ip route 0.0.0.0 0.0.0.0 [serial interface name]
0
cahelmsterAuthor Commented:
cool...thanks to you both
0
lrmooreCommented:
Thanks.
BTW, from a security standpoint, it is not healthy to have private PtP links and Internet all on the same router...
0
cahelmsterAuthor Commented:
What risks do I face?  This router was configured by a third-party like that, but I'd like to know what the potential risks are to maybe change the router setup down the road...thanks
0
mikebernhardtCommented:
It's just a matter of security because the internet is a relatively risky connection, and it makes it easier for someone who manages to find some access to then hop off to your other location. A common design is sometimes called "belt and suspenders," which is an outside router that connects to the internet, then a firewall, then an inside router to the LAN and other locations.
0
cahelmsterAuthor Commented:
hmm...ok, so essentially it would be better to not use the second serial port on the Internet router and just throw in a separate router inside the firewall for the remote office?

Pretty much using both serial ports will work but it shouldn't be configured that way for security reasons?

Thanks

0
lrmooreCommented:
Security best practices dictate a "defense in depth" and common practice is to have an Internet facing edge router, then a Firewall, and then an internal router for intranet communications between offices. This keeps all the Intranet traffic 'inside the firewall'.
If you have a separate firewall, then using the Internet router to also feed the remote office makes it difficult to route that remote site's traffic through your firewall if you are providing them Internet access.
Internet facing routers are at risk of hackers, with well known vulnerabilities and backdoors. I wouldn't risk my remote office being compromised simply because the edge router was compromised.
At the very least, I would hope your Edge router is monitored, secured against outside threats, and runs some type of firewall features in it.
0
cahelmsterAuthor Commented:
ok...one last question...maybe :)

Disregarding the remote office connection, what's the advantage to doing:  Internet router---firewall---router---LAN switch

as opposed to:  Internet router---firewall---LAN switch

I guess the first option being the 'belt and suspenders' approach...

Thanks
0
mikebernhardtCommented:
You can do it that way, but you don't have as much flexibility internally (multiple subnets, etc.). Internally, a Layer 3 switch can serve the purpose as well as a dedicated router. But if budget is an issue, I think it's OK.
0
lrmooreCommented:
Without remote offices/intranet, the primary value of an internal router is L3 routing between VLANs. If you don't have VLANs, then you don't need it.

0
mikebernhardtCommented:
You don't often see disagreement between me and lrmoore!   :-)
0