Cisco Router Help Please

Hopefully quite a simple one to solve (I just can't work it out).

I have two networks with a Cisco 877w router at each site connected via a VPN.  

Site1 (Bromsgrove) = 172.16.0.0 255.255.240.0
Site2 (Bristol) = 172.16.16.0 255.255.240.0

I am testing Bristol's new servers at Bromsgrove and just want them to have a static Bristol IP and be able to access the internet.  I am trying to 'work it' so that once set up and working in Bromsgrove, I can simply re-locate the test servers and they'll work in Bristol (without any reconfig).

Bromsgrove Router IP is 172.16.0.254
&
Bristol Router IP is 172.16.16.254.

I have set up a secondary IP on Bromsgrove router BVI1 of 172.16.16.254, and TEST SERVER1 (172.16.17.10) is able to ping it, but cannot ping the internet (test ping to 4.2.2.2).  If I keep an eye on the ACLs (list 199) it seems to let the ping back in, but I'm guessing it sends the ping reply down the VPN to Bristol and not back to TEST SERVER1 (attached to BVI1).  Note:  The router CAN ping TEST SERVER1.

I have attached the Bromsgrove Router Config.

TEST SERVER1 is set up as follows:

IP:  172.16.17.10
SN:  255.255.240.0
GW:  172.16.16.254

Any help would be much appreciated.

Cheers, Andy
Bromsgrove-Router-Conf.txt
andrewprouse Asked:
 
TekServer Commented:
Sorry, I have nothing further.  As I said before, as far as I know you can't put the same subnet on two different interfaces (local and VPN in this case) on any router.  Each subnet to which the router has access needs to be unique for routing to work.

There's a LOT of Cisco expertise here on EE, so the lack of response from anyone else might be construed as agreement with me, though I'm sure one of the Zone Superstars (not an official title) will chime in eventually ... ;)

Actually, another possible workaround idea occurs to me:  if you can get your hands on a basic little Linksys (or equivalent) SOHO router - you know, the $50 Walmart special? - you could put it on your network temporarily with the "Internet" interface configured to get a DHCP (or use a static) IP address from your Bromsgrove network, and the "LAN" interface configured as 172.16.16.254.  That way, you could put the new server behind the cheapo router and configure it exactly as it needs to be for its Bristol setup, and it should work and get Internet access.  If anything on the Bristol network needs access to the server you could use port forwarding or hosting options in the little router to handle that.  It won't be able to access anything across the VPN from Bromsgrove to Bristol while it's behind the little router, but it should otherwise be functional and no change would be needed to move it from there to Bristol.

Best I can think of ... hth!
:)
0
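
An added example, not part of the original thread or the attached router config: a small Python check for the condition TekServer describes, where the same subnet is reachable through two router paths. The addresses and masks come from the question; the path labels and the assumption that the VPN covers Bristol's whole 172.16.16.0/20 are illustrative.

```python
import ipaddress
from itertools import combinations

# Addresses and masks are from the question. The labels, and the assumption
# that the VPN carries all of Bristol's subnet, are illustrative.
ROUTER_PATHS = {
    "BVI1 primary (Bromsgrove LAN)": ("172.16.0.254", "255.255.240.0"),
    "BVI1 secondary (test)": ("172.16.16.254", "255.255.240.0"),
    "VPN to Bristol": ("172.16.16.0", "255.255.240.0"),
}


def network_of(address, mask):
    """Return the IPv4 network that contains address under a dotted mask."""
    return ipaddress.ip_interface(f"{address}/{mask}").network


def find_overlaps(paths):
    """Return (path_a, path_b, shared_network) for each pair of overlapping paths."""
    nets = {name: network_of(*addr_mask) for name, addr_mask in paths.items()}
    hits = []
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            # The shared range is the more specific of the two networks.
            shared = max(nets[a], nets[b], key=lambda n: n.prefixlen)
            hits.append((a, b, str(shared)))
    return hits


def candidate_paths(paths, host):
    """Return every path whose subnet contains host; more than one is ambiguous."""
    ip = ipaddress.ip_address(host)
    return sorted(
        name for name, addr_mask in paths.items() if ip in network_of(*addr_mask)
    )


if __name__ == "__main__":
    for a, b, shared in find_overlaps(ROUTER_PATHS):
        print(f"overlap: {a!r} and {b!r} both claim {shared}")
    # TEST SERVER1 from the question, then the DNS server mentioned in the thread.
    for host in ("172.16.17.10", "172.16.1.2"):
        print(host, "->", candidate_paths(ROUTER_PATHS, host))
```

Run against a candidate addressing plan before adding a secondary address; an empty overlap list means every subnet has exactly one path.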
 
TekServer Commented:
Well, my experience is limited to fairly small networks, but it looks like you're trying to make the Bromsgrove Router route the 172.16.16.0/20 subnet to both the VPN and a local interface at the same time.  As far as I know, that's not possible - it can do one or the other, but not both at the same time.

Why not just set up two IP addresses on the new server?  You can give it the IP address it needs for its final home on the Bromsgrove network, along with the appropriate default gateway (which should be routed across the VPN while it's at Bristol), plus a temporary static IP on the Bristol network.  You can then relocate the server and it should work with no reconfiguration, and you can log on to it later at your leisure and remove the secondary IP address.

hth!
:)
0
 
andrewprouse (Author) Commented:
That's a pretty good idea to be honest.  If no one else pops up to recommend a Cisco config solution I'll do that.

Thank you.
0
 
andrewprouse (Author) Commented:
Just found out that I can't do that.  I'm setting up several virtual servers with DNS and failover clusters so I really need to get the correct (final) IP addresses implemented before I start building up clusters etc.

Any ideas how to configure the router to allow this?

Cheers, Andy
0
 
andrewprouse (Author) Commented:
Any ideas...anyone???

Still really need an answer on this....
0
 
TekServer Commented:
It occurred to me shortly after I posted ^that^ that there might have been a problem if your DNS server(s) happened to be on the Bristol subnet, but from the router config it looks like your DNS server is elsewhere on the network (172.16.1.2) and that you have OpenDNS (208.637.222.222) set up as your secondary DNS server.  So that wouldn't pose a problem to the above workaround.

:)
0
 
TekServer Commented:
Thanks!  I assume the workaround was successful?  Glad I could help!

:)
0
Question has a verified solution.