Solved

Need help routing internet traffic to other network

Posted on 2009-04-07
13
229 Views
Last Modified: 2012-08-14
One of my network locations is losing their direct internet connection and I need to keep them up by routing all of their internet traffic to a second location that has internet connectivity.  The two networks are connected via T1 lines.

I need to change the line that states:
ip route 0.0.0.0 0.0.0.0 10.1.2.6

10.1.2.6 is the firewall on the local end.  The two cisco routers are connected via their own network: 10.1.10.5 (remote) and 10.1.10.6 (local)  The remote network is 10.1.1.0 and the local network is 10.1.2.0.

I tried to replace the line to read 0.0.0.0 0.0.0.0 10.1.1.6 (remote firewall) as well as using 10.1.1.1 (remote ip of cisco router) and even 10.1.10.5.... none of those entries worked, though.

What am I missing?
interface Multilink1

 description Two T1 Multilink to admin

 ip address 10.1.10.6 255.255.255.252

 no cdp enable

 ppp multilink

 multilink-group 1

!

interface FastEthernet0

 ip address 10.1.2.1 255.255.255.0

 speed auto

 half-duplex

!

interface Serial0

 no ip address

 encapsulation ppp

 service-module t1 timeslots 1-24

 ppp multilink

 multilink-group 1

!

interface Serial1

 no ip address

 encapsulation ppp

 ppp multilink

 multilink-group 1

!

router rip

 version 2

 network 10.0.0.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.2.6

ip route 10.1.1.0 255.255.255.0 10.1.10.5

no ip http server

Open in new window

0
Comment
Question by:larry
  • 7
  • 6
13 Comments
 
LVL 7

Expert Comment

by:EmpKent
ID: 24092925
Larry,

It sounds like you now want all of your traffic to go through the WAN to the primary site so removing both routes:

ip route 0.0.0.0 0.0.0.0 10.1.2.6
ip route 10.1.1.0 255.255.255.0 10.1.10.5

And replacing them with a single one:

ip route 0.0.0.0 0.0.0.0 10.1.10.5

Should do the trick. You probably do not need RIP enabled on this router.

In that case you could use an ip default gateway command as well.

Kent
0
 

Author Comment

by:larry
ID: 24097420
Thanks Kent,  but for some reason the packets just end at 10.1.10.5 when I do a tracert to the internet.
0
 
LVL 7

Expert Comment

by:EmpKent
ID: 24097464
Larry,

Do you have a default route in the remote router to direct everything to the Inet?

Kent
0
 

Author Comment

by:larry
ID: 24097510
Yes, the remote router is routing all 0.0.0.0 traffic to it's firewall, then out to the internet.

router rip
 version 2
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.6
ip route 10.1.2.0 255.255.255.0 10.1.10.6
ip route 192.168.22.0 255.255.255.0 10.1.1.14
ip route 192.168.42.0 255.255.255.0 10.1.1.14
no ip http server
0
 
LVL 7

Expert Comment

by:EmpKent
ID: 24097621
Larry,

Do you get responses from anything on teh 192.168.22.0 network or any other than the Inet?

Kent
0
 

Author Comment

by:larry
ID: 24097781
You mean from the local side?  The 192. network is on the remote side, but no, the local traffic still ends at 10.1.10.5 when I try to get to 192.  The remote network routes 192 traffic correctly.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 7

Expert Comment

by:EmpKent
ID: 24098022
OK, so is it safe top say that the only traffic getting back to 10.1.2.0 is that from 10.1.1.0?

Ensure that your local route is ip route 0.0.0.0 0.0.0.0 10.1.10.5.

With this, I am leaning towards an issue in the remote router config, not the local.
0
 

Author Comment

by:larry
ID: 24098282
Yes, that is the local route but it ends at 10.1.10.5.  I think you're right about something going on at the remote router.  I'm not sure why the remote router isn't passing the packets from 10.1.10.5 to the remote firewall, 10.1.1.6?

Attached is the complete config for the remote router.
memory-size iomem 25

ip subnet-zero

!

no ip dhcp-client network-discovery

!

!

!

interface Multilink1

 description Two T1 Multilink to RTP

 ip address 10.1.10.5 255.255.255.252

 no cdp enable

 ppp multilink

 multilink-group 1

!

interface FastEthernet0

 ip address 10.1.1.1 255.255.255.0

 speed auto

 half-duplex

!

interface Serial0

 no ip address

 encapsulation ppp

 service-module t1 clock source internal

 service-module t1 timeslots 1-24

 ppp multilink

 multilink-group 1

!

interface Serial1

 no ip address

 encapsulation ppp

 ppp multilink

 multilink-group 1

!

router rip

 version 2

 network 10.0.0.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.1.6

ip route 10.1.2.0 255.255.255.0 10.1.10.6

ip route 192.168.22.0 255.255.255.0 10.1.1.14

ip route 192.168.42.0 255.255.255.0 10.1.1.14

no ip http server

Open in new window

0
 
LVL 7

Expert Comment

by:EmpKent
ID: 24098591
Larry,

Can you post the results of a sh ip route from the remote router?

Kent
0
 
LVL 7

Expert Comment

by:EmpKent
ID: 24098707
Also, debug ip rip.

I think you need to turn RIP off.
0
 

Author Comment

by:larry
ID: 24098909
Sure thing, here's the sh:
Gateway of last resort is 10.1.1.6 to network 0.0.0.0

S    192.168.42.0/24 [1/0] via 10.1.1.14
     10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C       10.1.10.4/30 is directly connected, Multilink1
C       10.1.10.6/32 is directly connected, Multilink1
S       10.1.2.0/24 [1/0] via 10.1.10.6
C       10.1.1.0/24 is directly connected, FastEthernet0
S    192.168.22.0/24 [1/0] via 10.1.1.14
S*   0.0.0.0/0 [1/0] via 10.1.1.6

I'll remove RIP, too...

0
 

Accepted Solution

by:
larry earned 0 total points
ID: 24215306
The problem was two-fold.  The routes should have been going to the remote network not the remote router network.  Also, routes needed to be added to the firewall as that was why they were stopping at the remote router.

Being that I didn't receive any responses after my last post, I would like this question closed.
0
 
LVL 7

Expert Comment

by:EmpKent
ID: 24299337
Sorry Larry, I was out of the country on business and then on vacation in Mexico and had no access so I could not get back to you.

I think you can just request the issue be closed and the point refunded.

Thanks,

Kent
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now