Solved

Cisco Router Help Please

Posted on 2011-03-15
7
264 Views
Last Modified: 2012-05-11
Hopefully quite a simple one to solve (I just can't work it out).

I have two networks with a Cisco 877w router at each site connected via a VPN.  

Site1 (Bromsgrove) =     172.16.0.0     255.255.240.0
Site2 (Bristol) =               172.16.16.0   255.255.240.0

I am testing Bristol's new servers at Bromsgrove and just want them to have a static Bristol IP and be able to access the internet.  I am trying to 'work it' so that once set up and working in Bromsgrove, I can simply re-locate the test servers and they'll work in Bristol (without any reconfig).

Bromsgrove Router IP is 172.16.0.254
&
Bristol Router IP is 172.16.16.254.

I have setup a secondary IP on Bromsgrove router BVI1 of 172.16.16.254, and TEST SERVER1 (172.16.17.10) is able to ping it, but cannot ping the internet (test ping to 4.2.2.2).  If I keep an eye on the ACLs (list 199) it seems to let the ping back in, but I'm guessing it sends the ping reply down the VPN to Bristol and not back to TEST SERVER1 (attached to BVI1).  Note:  The router CAN ping TEST SERVER1.

I have attached the Bromsgrove Router Config.

TEST SERVER1 is setup as follows:

IP:  172.16.17.10
SN:  255.255.240.0
GW:  172.16.16.254

Any help would be much appreciated.

Cheers, Andy
Bromsgrove-Router-Conf.txt
0
Comment
Question by:andrewprouse
  • 4
  • 3
7 Comments
 
LVL 10

Expert Comment

by:TekServer
Comment Utility
Well, my experience is limited to fairly small networks, but it looks like you're trying to make the Bromsgrove Router route the 172.16.16.0/20 subnet to both the VPN and a local interface at the same time.  As far as I know, that's not possible - it can do one or the other, but not both at the same time.

Why not just set up two IP addresses on the new server?  You can give it the IP address it needs for its final home on the Bromsgrove network, along with the appropriate default gateway (which should be routed across the VPN while its at Bristol), plus a temporary static IP on the Bristol network.  You can then relocate the server and it should work with no reconfiguration, and you can log on to it later at your leisure and remove the secondary IP address.

hth!
:)
0
 

Author Comment

by:andrewprouse
Comment Utility
That's a pretty good idea to be honest.  If no one else pops up to recommend a Cisco config solution I'll do that.

Thank you.
0
 

Author Comment

by:andrewprouse
Comment Utility
Just found out that I can't do that.  I'm setting up several virtual servers with DNS and failover clusters so I really need to get the correct (final) IP addresses implemented before I start building up clusters etc.

Any ideas how to configure the router to allow this?

Cheers, Andy
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:andrewprouse
Comment Utility
Any ideas...anyone???

Still really need an answer on this....
0
 
LVL 10

Accepted Solution

by:
TekServer earned 500 total points
Comment Utility
Sorry, I have nothing further.  As I said before, as far as I know you can't put the same subnet on two different interfaces (local and VPN in this case) on any router.  Each subnet to which the router has access needs to be unique for routing to work.

There's a LOT of Cisco expertise here on EE, so the lack of response from anyone else might be construed as agreement with me, though I'm sure one of the Zone Superstars (not an official title) will chime in eventually ... ;)

Actually, another possible workaround idea occurs to me:  if you can get your hands on a basic little Linksys (or equivalent) SOHO router - you know, the $50 Walmart special? - you could put it on your network temporarily with the "Internet" interface configured to get a DHCP (or use a static) IP address from your Bromsgrove network, and the "LAN" interface configured as 172.16.16.254.  That way, you could put the new server behind the cheapo router and configure it exactly as it needs to be for its Bristol setup, and it should work and get Internet access.  If anything on the Bristol network needs access to the server you could use port forwarding or hosting options in the little router to handle that.  It won't be able to access anything across the VPN from Bromsgrove to Bristol while it's behind the little router, but it should otherwise be functional and no change would be needed to move it from there to Bristol.

Best I can think of ... hth!
:)
0
 
LVL 10

Expert Comment

by:TekServer
Comment Utility
It occurred to me shortly after I posted ^that^ that there might have been a problem if your DNS server(s) happened to be on the Bristol subnet, but from the router config it looks like your DNS server is elsewhere on the network (172.16.1.2) and that you have OpenDNS (208.637.222.222) set up as your secondary DNS server.  So that wouldn't pose a problem to the above workaround.

:)
0
 
LVL 10

Expert Comment

by:TekServer
Comment Utility
Thanks!  I assume the workaround was successful?  Glad I could help!

:)
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now