Solved

Cisco Router Help Please

Posted on 2011-03-15
7
266 Views
Last Modified: 2012-05-11
Hopefully quite a simple one to solve (I just can't work it out).

I have two networks with a Cisco 877w router at each site connected via a VPN.  

Site1 (Bromsgrove) =     172.16.0.0     255.255.240.0
Site2 (Bristol) =               172.16.16.0   255.255.240.0

I am testing Bristol's new servers at Bromsgrove and just want them to have a static Bristol IP and be able to access the internet.  I am trying to 'work it' so that once set up and working in Bromsgrove, I can simply re-locate the test servers and they'll work in Bristol (without any reconfig).

Bromsgrove Router IP is 172.16.0.254
&
Bristol Router IP is 172.16.16.254.

I have setup a secondary IP on Bromsgrove router BVI1 of 172.16.16.254, and TEST SERVER1 (172.16.17.10) is able to ping it, but cannot ping the internet (test ping to 4.2.2.2).  If I keep an eye on the ACLs (list 199) it seems to let the ping back in, but I'm guessing it sends the ping reply down the VPN to Bristol and not back to TEST SERVER1 (attached to BVI1).  Note:  The router CAN ping TEST SERVER1.

I have attached the Bromsgrove Router Config.

TEST SERVER1 is setup as follows:

IP:  172.16.17.10
SN:  255.255.240.0
GW:  172.16.16.254

Any help would be much appreciated.

Cheers, Andy
Bromsgrove-Router-Conf.txt
0
Comment
Question by:andrewprouse
  • 4
  • 3
7 Comments
 
LVL 10

Expert Comment

by:TekServer
ID: 35138865
Well, my experience is limited to fairly small networks, but it looks like you're trying to make the Bromsgrove Router route the 172.16.16.0/20 subnet to both the VPN and a local interface at the same time.  As far as I know, that's not possible - it can do one or the other, but not both at the same time.

Why not just set up two IP addresses on the new server?  You can give it the IP address it needs for its final home on the Bromsgrove network, along with the appropriate default gateway (which should be routed across the VPN while its at Bristol), plus a temporary static IP on the Bristol network.  You can then relocate the server and it should work with no reconfiguration, and you can log on to it later at your leisure and remove the secondary IP address.

hth!
:)
0
 

Author Comment

by:andrewprouse
ID: 35138993
That's a pretty good idea to be honest.  If no one else pops up to recommend a Cisco config solution I'll do that.

Thank you.
0
 

Author Comment

by:andrewprouse
ID: 35147370
Just found out that I can't do that.  I'm setting up several virtual servers with DNS and failover clusters so I really need to get the correct (final) IP addresses implemented before I start building up clusters etc.

Any ideas how to configure the router to allow this?

Cheers, Andy
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:andrewprouse
ID: 35154734
Any ideas...anyone???

Still really need an answer on this....
0
 
LVL 10

Accepted Solution

by:
TekServer earned 500 total points
ID: 35156739
Sorry, I have nothing further.  As I said before, as far as I know you can't put the same subnet on two different interfaces (local and VPN in this case) on any router.  Each subnet to which the router has access needs to be unique for routing to work.

There's a LOT of Cisco expertise here on EE, so the lack of response from anyone else might be construed as agreement with me, though I'm sure one of the Zone Superstars (not an official title) will chime in eventually ... ;)

Actually, another possible workaround idea occurs to me:  if you can get your hands on a basic little Linksys (or equivalent) SOHO router - you know, the $50 Walmart special? - you could put it on your network temporarily with the "Internet" interface configured to get a DHCP (or use a static) IP address from your Bromsgrove network, and the "LAN" interface configured as 172.16.16.254.  That way, you could put the new server behind the cheapo router and configure it exactly as it needs to be for its Bristol setup, and it should work and get Internet access.  If anything on the Bristol network needs access to the server you could use port forwarding or hosting options in the little router to handle that.  It won't be able to access anything across the VPN from Bromsgrove to Bristol while it's behind the little router, but it should otherwise be functional and no change would be needed to move it from there to Bristol.

Best I can think of ... hth!
:)
0
 
LVL 10

Expert Comment

by:TekServer
ID: 35156802
It occurred to me shortly after I posted ^that^ that there might have been a problem if your DNS server(s) happened to be on the Bristol subnet, but from the router config it looks like your DNS server is elsewhere on the network (172.16.1.2) and that you have OpenDNS (208.637.222.222) set up as your secondary DNS server.  So that wouldn't pose a problem to the above workaround.

:)
0
 
LVL 10

Expert Comment

by:TekServer
ID: 35314687
Thanks!  I assume the workaround was successful?  Glad I could help!

:)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question