asked on

Help setting up static routes to alternate IP Block

Hello all,

Our ISP has assigned us two IP blocks (both /24). We are using our Cisco 2811 to access the first IP block without any problems.

If we want to access the second IP block, the ISP is saying that everything on their end is setup correctly - we just need to setup our router (we own/manage it, so they cannot config it).

These blocks are completely different. I believe all I have to do is setup a static route to the block, but when I've done this and I still can't seem to access anything. The static statement I wrote is:

ip route 129.x.x.0 255.255.255.0 "WAN Network Side IP"
The ISP assigned us the WAN Network Side and Customer Side IP addresses for the block. I tried both with the same result.

does any one have some guidance or perhaps a sample config showing a router accessing two different IP blocks?

Please let me know if you need any additional info.

Thanks all

jonmckinlay

can you ping "WAN Network Side IP" from your router at present? if this address is unreachable then the routing statement won't become active.

You could as an alternative make the route connected by pointing the route to the interface, example "ip route 129.x.x.0 255.255.255.0 serial 1/0"

bhnmi

You need to assign the new IP's to an interface be it subinterface or as a secondary IP address.

ustda

ASKER

No, I can't, but funny enough I can ping the Customer Side IP address (which would technically be the IP of the Serial interface if this was the only IP block on the router) and I get a response from the Network Side IP address with a "TTL Expired in transit".

The IP block is setup like so:
129.x.x.0 / 24 is our block
65.x.x.88/30 is our Circuit block
.89 is the network side (i.e. the gateway)
.90 is the customer side (i.e. the serial interface)

I'll try the serial method you mentioned mckinlay.

ustda

ASKER

bhnmi - do you have any examples of how to do this?

bhnmi

Everything is coming over the same serial connection? Perhaps you can post a sample of your current configuration and I can see if I can show you what to change.

ustda

ASKER

Yes, everything is coming down the same serial connection (it's four bonded T1s). Attached is my config less sensitive info:

ustdagw1#show config
Using 3354 out of 245752 bytes
!
! Last configuration change at 15:51:55 NewYork Mon Feb 4 2008 by ustdartr
! NVRAM config last updated at 15:51:56 NewYork Mon Feb 4 2008 by ustdartr
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname gw1
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
card type t1 0 1
security authentication failure rate 3 log
security passwords min-length 8
logging buffered 51200 debugging
enable secret 5 $1$FKx3$6yRhD3Jqf.zKjdwwvYPbj1
!
no aaa new-model
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate wic 0
no network-clock-participate wic 1
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
no ip bootp server
ip domain name domain.com
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
username usrrtr privilege 15 secret 5 $1$gx3W$x3dgiRTu34ppaFvjPhjZ80
!
!
controller T1 0/0/0
 framing esf
 linecode b8zs
 channel-group 1 timeslots 1-24
!
controller T1 0/0/1
 framing esf
 linecode b8zs
 channel-group 1 timeslots 1-24
!
controller T1 0/1/0
 framing esf
 linecode b8zs
 channel-group 1 timeslots 1-24
!
controller T1 0/1/1
 framing esf
 linecode b8zs
 channel-group 1 timeslots 1-24
!
!
interface Multilink1
 description $FW_OUTSIDE$
 ip address 216.x.x.82 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip route-cache flow
 load-interval 30
 no cdp enable
 ppp multilink
 ppp multilink fragment disable
 ppp multilink group 1
 max-reserved-bandwidth 100
!
interface FastEthernet0/0
 description $FW_INSIDE$
 ip address 207.x.x.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip route-cache flow
 duplex full
 speed 100
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0:1
 description Link 1
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
 max-reserved-bandwidth 100
!
interface Serial0/0/1:1
 description Link 2
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
 max-reserved-bandwidth 100
!
interface Serial0/1/0:1
 description Link 3
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
 max-reserved-bandwidth 100
!
interface Serial0/1/1:1
 description Link 4
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
 max-reserved-bandwidth 100
!
ip default-gateway 216.x.x.81
ip classless
ip route 0.0.0.0 0.0.0.0 216.x.x.81
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
no cdp run
!
control-plane
!
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

Open in new window

ASKER CERTIFIED SOLUTION

bhnmi

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ustda

ASKER

hmm, ok - do I need to add any route statements? I added my Network Side IP as a secondary IP to the multilink but I still can't ping the Customer Side IP.

bhnmi

Need a route to define the next hop for the new IP addresses.

ustda

ASKER

ok, I don't think that it would look like this:
ip route 0.0.0.0 0.0.0.0 65.x.x.89

I'm assuming that if I placed that statement in place, it might cut my access off since I already have a similar statement loaded:
ip route 0.0.0.0 0.0.0.0 216.x.x.81

So how would I write the statement exactly?

bhnmi

I would define the new block in the x.x.x.x x.x.x.x (Gateway IP for new block) I think...

So basically we want all traffic destined for the new IP block to route to the gateway for that block.

ustda

ASKER

ok, so something like this then:

ip route 129.x.x.0 255.255.255.0 65.x.x.89

Does that look right?

bhnmi

God, my brain is stalling. 65.x.x.89 is the gateway for the new block? 129.x.x.0/24 is the new block?They gave you that whole block?

ustda

ASKER

me too. :)

yes, yes & yes to all your questions.

bhnmi

Well, then I would give it a try. I mean you aren't using the IP's yet so we cant really mess up any traffic going over them and the new routes wont effect the current routes.

The ISP wont help at all with the config??

bhnmi

We didn't kill the network did we?

ustda

ASKER

Sorry for the delay in response - I got pulled away and wasn't able to continue work on it until this morning.

So, it ended up working, but the one piece that was missing was , that I had to add a secondary IP to FastEthernet0/0 ... the .1 address of my block, so that anything using an IP from that block past my firewall had a gateway to point to.

I guess my question is, what do you do when you have more than two blocks of IPs? It clearly works fine with two, but what if you wanted more?

bhnmi

Geez, I dont know off the top of my head. Never really had more the two blocks and then only at select locations.

ustda

ASKER

Well, till another day - all is good for now!

Thanks!