Routing to remote office

Hi everyone, I have a routing-related question. One of my clients has a weird setup between two of their offices and I need to properly route traffic between them.

They have one main office with a direct connection to the internet (gateway 192.168.3.11).
They have a satellite office in the same city for which they had the ISP set up a site-to-site link to the main office. The office is on the 192.168.1.0/24 subnet and the ISP's router is 192.168.1.81. The connection goes directly to the main office (no internet access) where it terminates in a router on 192.168.3.3.
They have a Cisco 1841 router (192.168.3.2) in the main office that routes traffic for main office computers/servers to either the internet or the satellite office.

Originally this was set up this way as none of their users in the remote office needed internet access; however, that need has now changed and they need to get users internet access in the satellite office. They do not want to get the ISP involved as they will be moving both offices to a bigger building in the next 8 months and don't want to extend the contract.

Now I'm thinking this can be accomplished by setting up a router in the satellite office with a routing table that looks like this:
0.0.0.0/0.0.0.0 gateway 192.168.3.2
192.168.3.0/255.255.255.0 gateway 192.168.1.81

I tried setting it up with a test router but I'm not able to get out to the internet. What am I missing? Is this the right way to go about it?

Thanks
Asked:
curwengroup
tgtran Commented:
On Satellite office, the default gateway should be 192.168.1.81
You need to get on the satellite's router (the site-2-site router) and check if the default route is set for 192.168.3.3
On the main office, get on the 1841 router and see if there is a route for
192.168.1.0 255.255.255.0 gateway 192.168.3.3

If possible, post config of both routers here.
 
curwengroup (Author) Commented:
I don't think I was clear in my explanation; this is the setup:


Satellite Office LAN  -  ISP Router (192.168.1.81 no control over internally routed by ISP)
        |                    |
Cisco 1841 (192.168.1.3)     |
                             |
                    ISP Router (192.168.3.3 no control over internally routed by ISP)
                             |
                             |
                    Main Office LAN -- ISP Router (192.168.3.11 this is the internet gateway)
                             |
                    Cisco 1841 (192.168.3.2)

I will post the config as soon as I get home from the office.
Thanks

 
curwengroup (Author) Commented:
Configuration of the Cisco 1841 at the main office:


Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmYOR/1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1mozJ0
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.3.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.11
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
 
curwengroup (Author) Commented:
Configuration of 1841 at the satellite office:

Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmYOR/1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1mozJ0
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.2
ip route 192.168.3.0 255.255.255.0 192.168.1.81
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
 
tgtran Commented:
The 1841 at the satellite office serves what purpose? A router is designed to route between 2 networks but this 1841 has one interface only.

For the satellite office, why don't you configure a workstation with 192.168.1.81 as a gateway? That would work.

 
curwengroup (Author) Commented:
If I configure a workstation with 192.168.1.81 as a gateway I only get traffic up to the main office, not further and also not externally.

The ISP routers (192.168.3.2 and 192.168.1.81) are out of our control and they only route traffic between our two offices.

I need to get traffic from our satellite office through our main office out to the internet.

That is what we were trying to achieve with the 1841 router in the satellite office: to enable traffic originating in our satellite office to be routed through the 1841 in the main office and then out to the internet.
 
tgtran Commented:
The problem you have to solve is to get ISP router 192.168.3.11 to route traffic back to the satellite office by adding a static route there. Do you have any firewall? You can inject the 1841 between your LAN and the ISP internet router and add static routes. Otherwise, you need to contact your ISP to ask them to configure the internet router in bridge mode so you can use the 1841 to NAT and route.
 
curwengroup (Author) Commented:
What would the route look like on the 192.168.3.11 router?
192.168.2.0/24 > 192.168.3.2

I still think that no matter what I do at my main office, the satellite office still has no way to access any other subnet than 192.168.1.0/24 and 192.168.3.0/24.
 
curwengroup (Author) Commented:
Closing this as it's no longer relevant to my environment.
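
The satellite 1841 configuration posted above has one addressed interface (192.168.1.3) and a default route whose next hop, 192.168.3.2, is not on that subnet. As an added example that is not part of the thread, this Python model of recursive next-hop resolution runs over the two posted static-route tables and shows which on-link neighbour each router actually hands a packet to. It assumes, as IOS does by default, that a static next hop is not resolved through the default route; 203.0.113.10 is a constructed documentation address standing in for an internet host.

```python
from ipaddress import ip_address, ip_network

def table(connected, statics):
    """Build (connected networks, static routes) from plain strings."""
    return ([ip_network(c) for c in connected],
            [(ip_network(p), ip_address(nh)) for p, nh in statics])

# Taken from the two posted configs: interface subnet plus "ip route" lines.
SATELLITE = table(["192.168.1.0/24"],
                  [("0.0.0.0/0", "192.168.3.2"),
                   ("192.168.3.0/24", "192.168.1.81")])
MAIN = table(["192.168.3.0/24"],
             [("0.0.0.0/0", "192.168.3.11"),
              ("192.168.1.0/24", "192.168.3.1")])

def longest_match(addr, routes):
    """Most specific (prefix, next_hop) entry covering addr, or None."""
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def resolve(dest, connected, statics, max_depth=8):
    """Follow static next hops until one sits on a connected subnet.

    Returns the chain of next hops; the last entry is the on-link neighbour
    the packet is handed to. Returns None if the lookup never resolves.
    """
    addr, chain = ip_address(dest), []
    for _ in range(max_depth):
        if any(addr in net for net in connected):
            return chain or [str(addr)]        # on-link: deliver directly
        # Assumption (IOS default): only the original destination may use
        # the default route; a next hop needs a more specific route.
        usable = statics if not chain else [r for r in statics
                                            if r[0].prefixlen > 0]
        hit = longest_match(addr, usable)
        if hit is None:
            return None
        addr = hit[1]
        chain.append(str(addr))
    return None                                # depth exceeded: routing loop

if __name__ == "__main__":
    for name, tbl in (("satellite 1841", SATELLITE), ("main 1841", MAIN)):
        for dest in ("203.0.113.10", "192.168.3.50", "192.168.1.20"):
            print(f"{name:15} {dest:14} -> {resolve(dest, *tbl)}")
```

For the satellite table, the internet-bound packet is still handed to 192.168.1.81, the same neighbour a workstation would reach with that address set as its gateway.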