curwengroup
asked on
Routing to remote office
HI everyone i have a routing related question. One of my clients has a weird setup between two of their offices and i need to properly route traffic between them.
They have one main office with a direct connection to the internet (gateway 192.168.3.11)
They have a satellite office in the same city for which they had the ISP setup a site to site link to the main office. The office is on the 192.168.1.0/24 subnet and the ISP's router is 192.168.1.81. The connection goes directly to the main office (no internet access) where it terminates in a router on 192.168.3.3.
They have a Cisco 1841 router (192.168.3.2) in the main office that routes traffic for main office computers/servers to either the internet or the satellite office
Originally this was setup as not one their users in the remote office needed internet access, however that need has now changed and they need to get users internet access in the satellite office. They do not want to get the ISP involved as they will be moving both offices to a bigger building in the next 8 months and don't want to extend the contract.
Now i'm thinking this can be accomplished by setting up a router in the satellite office with a routing table that looks like this:
0.0.0.0/0.0.0.0 gateway 192.168.3.2
192.168.3.0/255.255.255.0 gateway 192.168.1.81
I tried setting it up with a test router but i'm not able to get out to the internet what am i missing? is this the right way to go about it?
Thanks
They have one main office with a direct connection to the internet (gateway 192.168.3.11)
They have a satellite office in the same city for which they had the ISP setup a site to site link to the main office. The office is on the 192.168.1.0/24 subnet and the ISP's router is 192.168.1.81. The connection goes directly to the main office (no internet access) where it terminates in a router on 192.168.3.3.
They have a Cisco 1841 router (192.168.3.2) in the main office that routes traffic for main office computers/servers to either the internet or the satellite office
Originally this was setup as not one their users in the remote office needed internet access, however that need has now changed and they need to get users internet access in the satellite office. They do not want to get the ISP involved as they will be moving both offices to a bigger building in the next 8 months and don't want to extend the contract.
Now i'm thinking this can be accomplished by setting up a router in the satellite office with a routing table that looks like this:
0.0.0.0/0.0.0.0 gateway 192.168.3.2
192.168.3.0/255.255.255.0 gateway 192.168.1.81
I tried setting it up with a test router but i'm not able to get out to the internet what am i missing? is this the right way to go about it?
Thanks
ASKER
I don't think i was clear on my explanation this is the setup
Sattelite Office LAN - ISP Router (192.168.1.81 no control over internally routed by ISP)
|
Cisco 1841 (192.168.1.3) |
|
ISP Router (192.168.3.3 no control over internally routed by ISP)
|
|
Main Office LAN -- ISP Router (192.168.3.11 this is the internet gateway)
|
Cisco 1841 (192.168.3.2)
I will post the config as soon as i get home from the office.
Thanks
Sattelite Office LAN - ISP Router (192.168.1.81 no control over internally routed by ISP)
|
Cisco 1841 (192.168.1.3) |
|
ISP Router (192.168.3.3 no control over internally routed by ISP)
|
|
Main Office LAN -- ISP Router (192.168.3.11 this is the internet gateway)
|
Cisco 1841 (192.168.3.2)
I will post the config as soon as i get home from the office.
Thanks
ASKER
Configuration of the Cisco 1841 at the main office:
Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmY
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1m
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
ip address 192.168.3.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.11
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
--------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmY
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1m
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
ip address 192.168.3.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.11
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
--------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
ASKER
Configuration of 1841 at the satellite office:
Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmY
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1m
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
ip address 192.168.1.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.2
ip route 192.168.3.0 255.255.255.0 192.168.1.81
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
--------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmY
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1m
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
ip address 192.168.1.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.2
ip route 192.168.3.0 255.255.255.0 192.168.1.81
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
--------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
The 1841 @ satellite office serves what purpose? A router is design to route between 2 networks but this 1841 has one interface only.
For satellite office, why don't you configure a workstation with 192.168.1.81 as a gateway. That would work.
For satellite office, why don't you configure a workstation with 192.168.1.81 as a gateway. That would work.
ASKER
If i configure a workstation with 192.168.1.81 as a gateway i only get traffic up to the main office not further and also not externally.
The ISP routers (192.168.3.2 and 192.168.1.81) are out of our control and they only route traffic between our two offices,
I need to get traffic from our satellite office through our main office out to the internet.
That is what we were trying to achieve with the 1841 router in the satellite office to enable traffic originating in our satellite office to start be routed through the 1841 in the main office and then out to the internet.
The ISP routers (192.168.3.2 and 192.168.1.81) are out of our control and they only route traffic between our two offices,
I need to get traffic from our satellite office through our main office out to the internet.
That is what we were trying to achieve with the 1841 router in the satellite office to enable traffic originating in our satellite office to start be routed through the 1841 in the main office and then out to the internet.
The problem you have to solve is to get ISP router 192.168.3.11 to route traffics back to the satellite office by adding a static route there. Do you have any firewall? You can inject the 1841 between your LAN and the ISP internet router and add static routes. Otherwise, you need to contact your ISP to ask them to configure the internet router in bridge mode so you can use the 1841 to NAT and route.
ASKER
what would the route look on the 192.168.3.11 router?
192.168.2.0/24 > 192.168.3.2
i still think that no matter what i do at my main office the satellite office still has no way access any other subnet then 192.168.1.0/24 and 192.168.3.0/24
192.168.2.0/24 > 192.168.3.2
i still think that no matter what i do at my main office the satellite office still has no way access any other subnet then 192.168.1.0/24 and 192.168.3.0/24
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to get on the satellite's router (the site-2-site router) and check if the default route is set for 192.168.3.3
On the main office, get on the 1841 router and see if there is a route for
192.168.1.0 255.255.255.0 gateway 192.168.3.3
If possible, post config of both routers here.