Solved

Internet browsing from point to point gateway

Posted on 2008-10-02
Last Modified: 2012-05-05
Dear All
I think you can better judge this scenario from the attached file.
As you can see, Office A and Office B are directly connected through a point-to-point T1.
In Office A, before the PIX, I have another router, but PC1's gateway is 172.16.1.21, the LAN port for Router B.
In Office B, the 2800 router has 4 serial ports and 2 Ethernet ports.
Serial 0/0/1 has IP 1.1.1.4 and serial 0/0/0 has 125.19.8.246 (that's only used for subnet 192.168.10.0 for internet browsing), Ethernet 0 IP is 172.16.6.10 and Ethernet 1 IP is 192.168.10.2.
PC2's gateway is the LAN IP of the Juniper firewall and PC4's gateway IP is 172.16.6.10.
I am able to ping from PC1 (Office A) to PC4 (Office B) from both sides; connectivity is not an issue, it's fine.
But after putting gateway 172.16.6.10 in PC4 (Office B) I am not able to browse the internet.
I have tried to point the default route to the LAN port of the Juniper but it's not working.
So now please suggest how I can browse the internet on PC4.

network.pdf
Question by:nabbu
 

Author Comment

by:nabbu
ID: 22631490
Building configuration...

Current configuration : 2030 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 25
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
ip name-server 202.56.230.5
ip name-server 202.56.230.6
ip name-server 202.54.15.30
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
no crypto isakmp ccm
!
!
!
!
interface GigabitEthernet0/0
 ip address 172.16.6.10 255.255.254.0
 ip policy route-map pc
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.121.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 125.19.8.246 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface Serial0/0/1
 ip address 1.1.1.5 255.255.255.0
!
interface Serial0/1/0
 no ip address
 shutdown
 clockrate 2000000
!
interface Serial0/1/1
 ip address 192.168.10.6 255.255.255.252
!
router ospf 2
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 172.16.6.0 0.0.1.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 172.16.12.0 255.255.254.0 Serial0/1/1
ip route 172.16.16.0 255.255.254.0 Serial0/1/1
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map int interface Serial0/0/0 overload
!
access-list 100 permit ip 192.168.121.0 0.0.0.255 any
access-list 101 permit ip host 172.16.6.13 172.16.1.0 0.0.0.255
access-list 102 permit ip host 172.16.6.13 any
!
route-map pc permit 2
 match ip address 101
 set ip next-hop 1.1.1.4
!
route-map pc permit 3
 match ip address 102
 set ip next-hop 172.16.6.11
!
route-map int permit 1
 match ip address 100
 set ip next-hop 125.19.8.245
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login local
!
scheduler allocate 20000 1000
!
end






please find the config of Router B
0
 

Author Comment

by:nabbu
ID: 22631494
with this access list i am not able to browse


access-list 100 permit ip 192.168.121.0 0.0.0.255 any
access-list 101 permit ip host 172.16.6.13 172.16.1.0 0.0.0.255
access-list 102 permit ip host 172.16.6.13 any
!
route-map pc permit 2
 match ip address 101
 set ip next-hop 1.1.1.4
!
route-map pc permit 3
 match ip address 102
 set ip next-hop 172.16.6.11
!
route-map int permit 1
 match ip address 100
 set ip next-hop 125.19.8.245
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22631664
Follow these simple things:

1) NATing should be on the office A PIX with all access lists
2) Default gateway of all machines should be the router of office A
3) Default gateway in the office A router will be toward the PIX
4) Static route toward office B
5) On the serial interface of the router where you have connected the p to p link, put the nat inside command

In the remote office, only one default route pointing toward office A

Done

You will get net in office B via office A
0
 

Author Comment

by:nabbu
ID: 22631741
Dear Devang
Thanks for your response
But I already have internet connectivity in Office B
For other PCs I am using the Juniper LAN IP as a gateway and I am able to browse the internet.
Soon we are going to connect other sites through MPLS, then I will face the same issue
maybe here I will browse the internet from Office A, but other sites have the same setup, like one router for MPLS and one for internet, but they don't have a firewall; I will again face the same problem.

Is something possible like we use the same Juniper LAN as a gateway and we could use both the facilities, i.e. point to point and browsing, or can we use the Router B LAN as a gateway but browse internet from the Juniper
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22632633
yes

So at the office B router keep the default gateway pointing toward Juniper
and a static route pointing toward office B.

Default gateway in the office B PC will be the router and not the Juniper.

Try this.
0
 

Author Comment

by:nabbu
ID: 22632836
please clarify
I am not getting it

0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22633319
at office B
keep default gateway as juniper
ip route 0.0.0.0 0.0.0.0 juniper ip address

static route toward point to point router
ip route LOCAL network   Remote router ip address .

default gateway in pc should be router address
0
 

Author Comment

by:nabbu
ID: 22639945
DEVANG
it's not working
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22639999
just provide me office b router config.
It has to work
0
 

Author Comment

by:nabbu
ID: 22640070
Router#sh run
Building configuration...

Current configuration : 1998 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 25
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
ip name-server 202.56.230.5
ip name-server 202.56.230.6
ip name-server 202.54.15.30
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username Naveen password 0 swastic
username Jindal_saw privilege 15 password 0 swastic
!
!
no crypto isakmp ccm
!
!
!
!
interface GigabitEthernet0/0
 ip address 172.16.6.10 255.255.254.0
 ip policy route-map pc
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.121.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 125.19.8.246 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface Serial0/0/1
 ip address 1.1.1.5 255.255.255.0
!
interface Serial0/1/0
 no ip address
 shutdown
 clockrate 2000000
!
interface Serial0/1/1
 ip address 192.168.10.6 255.255.255.252
!
router ospf 2
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 172.16.6.0 0.0.1.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 172.16.6.11
ip route 172.16.6.0 255.255.254.0 1.1.1.4
ip route 172.16.12.0 255.255.254.0 Serial0/1/1
ip route 172.16.16.0 255.255.254.0 Serial0/1/1
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map int interface Serial0/0/0 overload
!
access-list 100 permit ip 192.168.121.0 0.0.0.255 any
!
route-map pc permit 2
 match ip address 101
 set ip next-hop 172.16.6.11
!
route-map pc permit 3
 match ip address 102
 set ip next-hop 1.1.1.4
!
route-map int permit 1
 match ip address 100
 set ip next-hop 125.19.8.245
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login local
!
scheduler allocate 20000 1000
!
end
0
 

Author Comment

by:nabbu
ID: 22640072
this is the network diagram for your reference
network.pdf
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640101
as per your router, there are 2 default routes, that's the problem

So for point to point, a static route for serial
ip route 172.16.1.0 255.255.254.0 1.1.1.4
default route for Juniper.

So only one default route in the router for Juniper, and the gateway in the PC should be the router IP address
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640153
remove this
ip route 0.0.0.0 0.0.0.0 Serial0/0/0

add this
ip route 0.0.0.0 0.0.0.0 172.16.6.11
ip route 172.16.1.0 255.255.254.0




0

Author Comment

by:nabbu
ID: 22640334
Now these are the routes

ip classless
ip route 0.0.0.0 0.0.0.0 172.16.6.11
ip route 172.16.12.0 255.255.254.0 Serial0/1/1
ip route 172.16.16.0 255.255.254.0 Serial0/1/1
ip route 192.168.121.0 255.255.255.0 Serial0/0/0 (Old was ip route 0.0.0.0 0.0.0.0 Serial0/0/0)


but if I am trying to add this I am getting this error

Router(config)#ip route 172.16.1.0 255.255.254.0 1.1.1.4
%Inconsistent address and mask

Router(config)#ip route 172.16.1.0 255.255.254.0
% Incomplete command.

0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640345
what is your remote, i.e. office A, network and subnet mask
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640359
after removing ip route 0.0.0.0 0.0.0.0 Serial0/0/0 did you try the net, is it working
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640369
add ip route 172.16.0.0 255.255.254.0 1.1.1.4
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640373
do a tracert from the router of office B to 4.2.2.2, what path is it showing
remove this
ip route 0.0.0.0 0.0.0.0 Serial0/0/0

add this
ip route 0.0.0.0 0.0.0.0 172.16.6.11
ip route 172.16.0.0 255.255.254.0

0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640384
and after doing this you can either use internet via MPLS or internet from office B
because there cannot be 2 default routes.

or you can use 2 default routes with a higher metric for the MPLS network
0
 

Author Comment

by:nabbu
ID: 22640391
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.6.11
ip route 172.16.0.0 255.255.254.0 1.1.1.4
ip route 172.16.12.0 255.255.254.0 Serial0/1/1
ip route 172.16.16.0 255.255.254.0 Serial0/1/1
ip route 192.168.121.0 255.255.255.0 Serial0/0/0

now my PC gateway is 172.16.6.10 (Router B LAN)
but if I am trying to ping 172.16.1.21, the Router A LAN port, it's not pinging
0
 

Author Comment

by:nabbu
ID: 22640413
Router A Config


router#sh run
Building configuration...

Current configuration : 3130 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$LkZL$A43ImrVOMik/jjVaA5k/61
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 5 30
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name jindalsaw.com
ip name-server 172.16.1.2
!
username jindal privilege 15 secret 5 $1$JMxX$HsiDR/uXFZia3RfOB5fQi0
!
!
!
interface FastEthernet0/0
 description JC END LAN
 ip address 172.16.1.21 255.255.254.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 ip address 1.1.1.4 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
!
interface Serial0/0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 clockrate 2000000
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.1.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.40
ip route 172.16.16.0 255.255.254.0 1.1.1.5
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640418
this is not correct: ip route 192.168.121.0 255.255.255.0 Serial0/0/0, remove it
and is your internet working after doing all this
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22640463
do extended ping from router B to router A
0
 

Author Comment

by:nabbu
ID: 22643487
that route is only for a different subnet, 192.168.121.0

from router B to A it's perfectly fine
after putting the gateway 172.16.6.10 in the Office B PC I am not able to ping the LAN port of Router A
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22643630
hey boss, see, the network on both the sides is the same.

Office B-------Host Range 172.16.0.1 to 172.16.1.245
                       Subnet         172.26.0.0          
                       Mask           255.255.254.0

Office A--------Host Range 172.16.0.1 to 172.16.1.245
                       Subnet         172.26.0.0          
                       Mask           255.255.254.0

Now here is the confusion,

So please change the LAN subnet mask of any one side. Do the IP calculation, you will find on both the sides the network is the same.
0
 

Author Comment

by:nabbu
ID: 22647484
Devang please again see both the config details

office B -- host 172.16.6.1 to 172.16.6.254
subnet 172.16.0.0
mask 255.255.254.0

Office A  host 172.16.1.1 to 172.16.1.254
subnet 172.16.0.0
mask 255.255.254.0


0
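The "%Inconsistent address and mask" error and the question of which /23 each LAN sits in can both be checked mechanically. The following is an added example, not code from any participant in this thread: it uses Python's standard ipaddress module on interface addresses and ip route lines copied from the configs and commands quoted above, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: values copied from the configs and commands in this thread.
INTERFACES = {
    "Router A Fa0/0": "172.16.1.21 255.255.254.0",
    "Router B Gi0/0": "172.16.6.10 255.255.254.0",
}
ROUTES = [
    "ip route 172.16.1.0 255.255.254.0 1.1.1.4",
    "ip route 172.16.0.0 255.255.254.0 1.1.1.4",
    "ip route 0.0.0.0 0.0.0.0 Serial0/0/0",
    "ip route 0.0.0.0 0.0.0.0 172.16.6.11",
]

def connected_network(addr_mask):
    """Network an interface sits in, given 'address mask' as IOS prints it."""
    addr, mask = addr_mask.split()
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def check_route(line):
    """Return (network, next_hop, problem); problem is None when the
    prefix is aligned to its mask (no host bits set)."""
    _, _, prefix, mask, next_hop = line.split()
    try:
        net = ipaddress.ip_network(f"{prefix}/{mask}", strict=True)
        return net, next_hop, None
    except ValueError:
        # Same condition IOS rejects as "Inconsistent address and mask".
        net = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
        return net, next_hop, f"host bits set; aligned prefix is {net.network_address}"

def audit(interfaces, routes):
    """Connected LANs, per-route results, and next hops of all default routes."""
    lans = {name: connected_network(v) for name, v in interfaces.items()}
    checked = [check_route(r) for r in routes]
    defaults = [hop for net, hop, _ in checked if net.prefixlen == 0]
    return lans, checked, defaults

if __name__ == "__main__":
    lans, checked, defaults = audit(INTERFACES, ROUTES)
    for name, net in lans.items():
        print(f"{name}: {net}")
    for (net, hop, problem), line in zip(checked, ROUTES):
        print(f"{line!r}: {problem or 'ok'}")
    print("default routes via:", defaults)
```

With a 255.255.254.0 mask the third octet of a valid prefix must be even, which is why 172.16.1.0 is rejected and 172.16.0.0 is accepted.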
 
LVL 5

Accepted Solution

by:
devangshroff earned 500 total points
ID: 22666745
can you just send me a tracert from office B to an office A machine.
0
