Solved

Routing to remote office

Posted on 2008-10-31
9
293 Views
Last Modified: 2010-04-12
HI everyone i have a routing related question. One of my clients has a weird setup between two of their offices and i need to properly route traffic between them.

They have one main office with a direct connection to the internet (gateway 192.168.3.11)
They have a satellite office in the same city for which they had the ISP setup a site to site link to the main office. The office is on the 192.168.1.0/24 subnet and the ISP's router is 192.168.1.81. The connection goes directly to the main office (no internet access) where it terminates in a router on 192.168.3.3.
They have a Cisco 1841 router (192.168.3.2) in the main office that routes traffic for main office computers/servers to either the internet or the satellite office

Originally this was setup as not one their users in the remote office needed internet access, however that need has now changed and they need to get users internet access in the satellite office. They do not want to get the ISP involved as they will be moving both offices to a bigger building in the next 8 months and don't want to extend the contract.

Now i'm thinking this can be accomplished by setting up a router in the satellite office with a routing table that looks like this:
0.0.0.0/0.0.0.0 gateway 192.168.3.2
192.168.3.0/255.255.255.0 gateway 192.168.1.81

I tried setting it up with a test router but i'm not able to get out to the internet what am i missing? is this the right way to go about it?

Thanks
0
Comment
Question by:curwengroup
  • 6
  • 3
9 Comments
 
LVL 12

Expert Comment

by:tgtran
ID: 22854899
On Satellite office, the default gateway should be 192.168.1.81
You need to get on the satellite's router (the site-2-site router) and check if the default route is set for 192.168.3.3
On the main office, get on the 1841 router and see if there is a route for
192.168.1.0 255.255.255.0 gateway 192.168.3.3

If possible, post config of both routers here.
0
 

Author Comment

by:curwengroup
ID: 22855119
I don't think i was clear on my explanation this is the setup


Sattelite Office LAN  -  ISP Router (192.168.1.81 no control over internally routed by ISP)
            |
Cisco 1841 (192.168.1.3)                     |
                                                              |
                                     ISP Router (192.168.3.3 no control over internally routed by ISP)
                                                             |
                                                             |
                                             Main Office LAN -- ISP Router (192.168.3.11 this is the internet gateway)
                                                             |
                                                     Cisco 1841 (192.168.3.2)

I will post the config as soon as i get home from the office.
Thanks

0
 

Author Comment

by:curwengroup
ID: 22855246
Configuration of the Cisco 1841 at the main office:


Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmYOR/1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1mozJ0
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.3.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.11
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
0
 

Author Comment

by:curwengroup
ID: 22855252
Configuration of 1841 at the satellite office:

Current configuration : 2733 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gtco-rt01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$CBks$6FhK95jbq42OSi3nmYOR/1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name grantierra.local
!
username root privilege 15 secret 5 $1$wd3N$JDVpVqYVHM5zHM6W1mozJ0
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.2
ip route 192.168.3.0 255.255.255.0 192.168.1.81
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 12

Expert Comment

by:tgtran
ID: 22855672
The  1841 @ satellite office serves what purpose? A router is design to route between 2 networks but this 1841 has one interface only.

For satellite office, why don't you configure a workstation with 192.168.1.81 as a gateway.  That would work.

0
 

Author Comment

by:curwengroup
ID: 22855684
If i configure a workstation with 192.168.1.81 as a gateway i only get traffic up to the main office not further and also not externally.

The ISP routers (192.168.3.2 and 192.168.1.81) are out of our control and they only route traffic between our two offices,

I need to get traffic from our satellite office through our main office out to the internet.

That is what we were trying to achieve with the 1841 router in the satellite office to enable traffic originating in our satellite office to start be routed through the 1841 in the main office and then out to the internet.
0
 
LVL 12

Expert Comment

by:tgtran
ID: 22858400
The problem you have to solve is to get ISP router 192.168.3.11 to route traffics back to the satellite office by adding a static route there.  Do you have any firewall? You can  inject the 1841 between your LAN and the ISP internet router and add static routes.  Otherwise, you need to contact your ISP to ask them to configure the internet router in bridge mode so you can use the 1841 to NAT and route.
0
 

Author Comment

by:curwengroup
ID: 22858483
what would the route look on the 192.168.3.11 router?
192.168.2.0/24 > 192.168.3.2

i still think that no matter what i do at my main office the satellite office still has no way access any other subnet then 192.168.1.0/24 and 192.168.3.0/24
0
 

Accepted Solution

by:
curwengroup earned 0 total points
ID: 23178544
closing this as it's no longer relevant to my environment
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
tplink repeater 3 25
Does Ping Packet go through Trunk port 4 39
How often can a passive RFID be polled? 10 43
HSRP needed? 4 27
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now