Routing to remote office

HI everyone i have a routing related question. One of my clients has a weird setup between two of their offices and i need to properly route traffic between them.

They have one main office with a direct connection to the internet (gateway 192.168.3.11)
They have a satellite office in the same city for which they had the ISP setup a site to site link to the main office. The office is on the 192.168.1.0/24 subnet and the ISP's router is 192.168.1.81. The connection goes directly to the main office (no internet access) where it terminates in a router on 192.168.3.3.
They have a Cisco 1841 router (192.168.3.2) in the main office that routes traffic for main office computers/servers to either the internet or the satellite office

Originally this was setup as not one their users in the remote office needed internet access, however that need has now changed and they need to get users internet access in the satellite office. They do not want to get the ISP involved as they will be moving both offices to a bigger building in the next 8 months and don't want to extend the contract.

Now i'm thinking this can be accomplished by setting up a router in the satellite office with a routing table that looks like this:
0.0.0.0/0.0.0.0 gateway 192.168.3.2
192.168.3.0/255.255.255.0 gateway 192.168.1.81

I tried setting it up with a test router but i'm not able to get out to the internet what am i missing? is this the right way to go about it?

Thanks
curwengroupAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TG TranIT guyCommented:
On Satellite office, the default gateway should be 192.168.1.81
You need to get on the satellite's router (the site-2-site router) and check if the default route is set for 192.168.3.3
On the main office, get on the 1841 router and see if there is a route for
192.168.1.0 255.255.255.0 gateway 192.168.3.3

If possible, post config of both routers here.
0
curwengroupAuthor Commented:
I don't think i was clear on my explanation this is the setup


Sattelite Office LAN  -  ISP Router (192.168.1.81 no control over internally routed by ISP)
            |
Cisco 1841 (192.168.1.3)                     |
                                                              |
                                     ISP Router (192.168.3.3 no control over internally routed by ISP)
                                                             |
                                                             |
                                             Main Office LAN -- ISP Router (192.168.3.11 this is the internet gateway)
                                                             |
                                                     Cisco 1841 (192.168.3.2)

I will post the config as soon as i get home from the office.
Thanks

0
curwengroupAuthor Commented:
Configuration of the Cisco 1841 at the main office:


Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmYOR/1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1mozJ0
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.3.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.11
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

curwengroupAuthor Commented:
Configuration of 1841 at the satellite office:

Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmYOR/1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1mozJ0
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.2
ip route 192.168.3.0 255.255.255.0 192.168.1.81
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
0
TG TranIT guyCommented:
The  1841 @ satellite office serves what purpose? A router is design to route between 2 networks but this 1841 has one interface only.

For satellite office, why don't you configure a workstation with 192.168.1.81 as a gateway.  That would work.

0
curwengroupAuthor Commented:
If i configure a workstation with 192.168.1.81 as a gateway i only get traffic up to the main office not further and also not externally.

The ISP routers (192.168.3.2 and 192.168.1.81) are out of our control and they only route traffic between our two offices,

I need to get traffic from our satellite office through our main office out to the internet.

That is what we were trying to achieve with the 1841 router in the satellite office to enable traffic originating in our satellite office to start be routed through the 1841 in the main office and then out to the internet.
0
TG TranIT guyCommented:
The problem you have to solve is to get ISP router 192.168.3.11 to route traffics back to the satellite office by adding a static route there.  Do you have any firewall? You can  inject the 1841 between your LAN and the ISP internet router and add static routes.  Otherwise, you need to contact your ISP to ask them to configure the internet router in bridge mode so you can use the 1841 to NAT and route.
0
curwengroupAuthor Commented:
what would the route look on the 192.168.3.11 router?
192.168.2.0/24 > 192.168.3.2

i still think that no matter what i do at my main office the satellite office still has no way access any other subnet then 192.168.1.0/24 and 192.168.3.0/24
0
curwengroupAuthor Commented:
closing this as it's no longer relevant to my environment
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.