• Status: Solved

Troubleshooting Point To Point T1

Okay, so let me explain what is going on.

I have configured two Cisco 1841 Routers on a Point to Point T1 line.

I am able to ping across without any issues.

The only time I have issues is when I attempt to access the servers on the other side.

Right now I have no servers in the High School.

I need clients to access the DNS, Exchange. When I type the website URL I'm not able to access the local website. I can ping the URL and get the server address but I can't see the website when I go to it on IE with URL or IP address.

I am also not able to use Outlook to access the exchange server.

Both sites have a Sonicwall which is routing the clients to the other side.

I will post the Config for the HS Router. Which is the same as the MS Router but different IPs.

I also think that I have way too many commands, if anyone can make my config a little simpler that'd be great.

I think I'm missing a route...
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.1.200 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
interface Serial0/0/0
 bandwidth 1500
 ip address 192.168.255.1 255.255.248.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 encapsulation ppp
 no fair-queue
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
 !
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
HSRouter#
HSRouter#

Asked by: TonyL82PR
 
jacksch4820 Commented:
What can you pin successfully on other side router or server or both
0
 
jacksch4820 Commented:
mean ping lol
0
 
TonyL82PR (Author) Commented:
Lol

I can ping everything, servers, access points, firewall, clients, & router.
0
 
tsaico Commented:
When you ping are you using FQDN, IP, or NetBIOS names?
0
 
TonyL82PR (Author) Commented:
IP

I can also ping with FQDN.
0
 
Sommerblink Commented:
Well, now that we've got it covered that we can ping resources on the other side and that name resolution (the name server was on the other side?) is also working.

What about the sonicwalls? How are they configured at the moment? Since this is a point-to-point connection, could we for testing purposes, drop all rules on the sonicwall entirely for testing purposes, but do one side at a time, so you can figure out where the failure is at, because I suspect it resides there.

Also, I noticed that your point-to-point WAN subnet is HUGE. 192.168.255.1/21. I doubt this is your problem, just I noticed that your network on the LAN side of the MS is only a /24.

A lot of the schools I’ve worked with in the past tend to have a /22 or /23 of RFC1918 space.
0
 
TonyL82PR (Author) Commented:
Yea I just used IPs from a Config I saw on here... Was told doesn't really matter what IPs I use... Should I use a different network for the P2P?

Also right now the sonicwalls are just routing any traffic going to 172.16.0.0/255.255.255.192 (Middle School) to the router 172.16.0.40 (MSRouter)

Sonicwall at HS
192.168.1.0/255.255.255.0 (High School) to 192.168.1.200 (HSRouter)

I'm going to eventually reconfigure the High School to a bigger IP range, right now I'm just setting everything up.

I don't have any servers at the high school yet.

I need to be able to reach the servers at the middle school from the high school.

Right now I'm not able to reach the webserver from the high school. If I remove the Sonicwall routes I won't be able to reach the other side on whatever Sonicwall I remove the routing... Do you think I need to add a rule to the sonicwalls?
0
 
lrmoore Commented:
> service-module t1 clock source internal
Check to make sure you don't have both sides providing clocking. Also check with the telco to make sure they are not providing line clocking. Clocking issues cause large packet problems, but little packets like pings appear fine.
Check with output of "show interface serial 0/0/0".

>ip route 0.0.0.0 0.0.0.0 Serial0/0/0
I would also recommend that you point the default route to the local Sonicwall, and add a static for the other side:
 ip route 0.0.0.0 0.0.0.0 192.168.1.1
 ip route 172.16.0.0 255.255.255.192 192.168.255.2

>ip address 192.168.255.1 255.255.248.0
Also highly recommend using bigger mask for the P2P connection
 ip address 192.168.255.1 255.255.255.252

Also make sure you have a route on the Sonicwalls for the remote site.
HS - 172.16.0.0 255.255.255.192 --- point to 192.168.1.200
MS - 192.168.1.0 255.255.255.0 -- point to local 1841 router
The 1841 routers should be the default gateways for all local hosts, not the Sonicwalls.

Also need to see the config for the other side
0
 
Sommerblink Commented:
If big packets are the problem, from a Windows computer you can use the following command to shoot across fatter packets:

ping [fqdn] -l 1400 -f

The -l switch tells it to shoot out a 1400 byte packet. The -f switch tells it to not fragment. This should shoot across without any problems, but if it does not then you will need to shrink it until it stops complaining.
0
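The shrink-until-it-passes procedure from this post, automated as a binary search (an added example, not part of the original thread). The `ping_df` helper, its Linux `-M do` branch and the 1472-byte upper bound (a 1500-byte MTU minus headers) are assumptions; a reply is recognised by the `ttl=` field in ping's output.

```python
import platform
import subprocess
import sys

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header

def ping_df(host, payload):
    """One echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    else:  # Linux iputils equivalent (assumption: not from the thread)
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True).stdout
    return b"ttl=" in out.lower()   # only real echo replies carry a TTL field

def largest_unfragmented(probe, low=0, high=1472):
    """Largest payload in [low, high] that probe() accepts, or None.

    Assumes every size below a passing size also passes.
    """
    if not probe(low):
        return None                 # not even the smallest packet gets through
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid               # fits: search upward
        else:
            high = mid - 1          # too big: shrink
    return low

def path_mtu(probe):
    """Path MTU in bytes implied by the largest payload that passes."""
    best = largest_unfragmented(probe)
    return None if best is None else best + ICMP_OVERHEAD

if __name__ == "__main__":
    target = sys.argv[1]            # e.g. the FQDN of the server across the T1
    print("largest payload:", largest_unfragmented(lambda n: ping_df(target, n)))
```

A result well below 1472 on a link that should carry full-size frames points at the path rather than at the servers.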
 
gsmartin Commented:
Without going through everyone else's replies, here's what stands out to me from a configuration and architectural perspective.

1) P2P T1: Both routers connected to the T1 your Serial Interface should be using a 30-bit (255.255.255.252) subnet mask.  
2) DNS: IP Helper-address commands missing on Fast Ethernet Interface that should point to the IP address(es) of the primary and secondary DNS (and WINS servers if required).
3) Static Route(s):  Your static route is sending all traffic one direction (creating a routing loop).  You need to be more specific of what networks are located out which interfaces.
Note: Routers main function is to determine for which connected interfaces it needs to direct traffic through to get to a specified network.  In other words, which networks are connected to on the other side of your Serial interface and which networks are connected on the other side of your Fast Ethernet interface.
4) Sonicwall:  Not sure why you are using firewalls to route traffic, especially on a point-to-point.  A router is intended to route traffic and a firewall is used to filter and secure network traffic. If you require securing traffic I recommend using VLANs and ACLs.

OFF TOPIC:
Just to give a highlight of my experience in relation to your scenario, I have redesigned, configured, and implemented a new IP, IPX/SPX, and AppleTalk addressing scheme for an entire school district's WAN and LANs (High School, Intermediate, Elementary, and other school services) with over 70+ P2P T1's, and including intervlan routing for all traffic types, etc...

One thing I picked up during that project (directly from Cisco) was a scalable IP addressing scheme.
    LAN:   10.SITE.VLAN.HOST /24   (Allows for better IP Management)
    WAN:  10.0.SITE.HOST /30
This IP addressing design is very scalable especially in scenarios where you require a lot of addresses like with student networks.  You want to keep those networks no larger than a 24-bit subnet mask to control your broadcast domains and for security purposes, as well.  In my design, I was dealing with very large IDF locations within each school especially with the High Schools.  So, I segmented (VLAN'd) each IDF location with at least one or more VLANs.

ON TOPIC:
I am not sure of your overall network architecture to better understand how the Sonicwalls fit in.  Does each site have its own Internet Access or are they supposed to route out to a specific site.   Where does the Exchange, DNS, AD servers reside (Which network and off of which Interface)?
With most architectures it's best to centralize services like Internet, mail, DNS, etc... In which, you should be able to reduce and eliminate the need for a firewall at each site.  If each site has its own Internet connection (assuming) this complicates your network architecture, especially for troubleshooting and management; as well as increases your overall cost for hardware and support.

Depending on your topology and the number of schools that are connected together, implementing EIGRP could help better manage your routes, and keep the static route for 'Gateway of Last Resort'.  You use EIGRP between Serial Interfaces and make Fast Ethernet Interfaces Passive.

Otherwise, if you still prefer static routes then you need to make sure you identify and add specific routes for networks that are located off of each interface (Serial or Fast Ethernet).

It's important when troubleshooting this to reference your IP Routing table (sh ip route) and describe your entire network topology so we can better understand the overall picture.
0
 
TonyL82PR (Author) Commented:
Okay,

At this point I would rather just start with a fresh config.

I'll explain my network.

I'll start with the Middle School (MS):

The MS has its own internet.

The MS has the AD, DNS, Exchange, etc... (I only have servers at the MS which need to be accessed by the HS via the P2P T1)
The middle school has a Sonicwall, its our content filter & gateway.

MS IP 172.16.0.0/26 (255.255.255.192)
MS Sonicwall: 172.16.0.254
MS Web Server: 172.16.0.253 (I can ping this from the HS but I can't actually load the website)
MS DNS Server: 172.16.0.2
MS P2P Cisco Router (MSRouter:) 172.16.0.40

High School Network

High School have their own internet.

I currently do not have any servers at the high school, reason why I need to access the MS servers via the P2P T1 line.

HS Network: 192.168.1.0/24 (255.255.255.0) I plan on changing the IP scheme during the winter break.
HS Cisco P2P Router (HSRouter): 192.168.1.200
HS Sonicwall: 192.168.1.254

All I need is to be able to transfer data across the P2P T1 Line.

If you can help me I'd greatly appreciate it.

I would post my configs, but I rather just start all over, as I've made a significant amount of changes trying to figure this out. >.<

Thank you to everyone for all your help!!!



0
 
TonyL82PR (Author) Commented:
Sorry the MS Subnet Mask is 255.255.192.0
0
 
TonyL82PR (Author) Commented:
Okay so with the current configuration I noticed something.

I think I'm missing a route somewhere.... Maybe you can help me out.

I can ping the MS Sonicwall (172.16.0.254) from a HS PC, but I can't ping the MS Sonicwall from the Cisco HSRouter.

Same for the other side, I can ping the HS Sonicwall (192.168.1.254) from a MS PC, but I can't ping the HS Sonicwall from the MS Cisco Router.

HSRouter Config:
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.1.200 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
interface Serial0/0/0
 bandwidth 1500
 ip address 192.168.255.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 encapsulation ppp
 no fair-queue
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
 !
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
access-list 23 permit 10.10.10.0 0.0.0.7
!


MSRouter Config:
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 172.16.0.40 255.255.192.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
interface Serial0/0/0
 ip address 192.168.255.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 no fair-queue
 !
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
access-list 23 permit 10.10.10.0 0.0.0.7
!


Not sure what is going... >.<

Losing my mind here... o.0
0
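An added example, not part of the original thread: a small longest-prefix-match simulation of the two routers as configured above, next to the specific-route layout lrmoore suggested earlier. The node labels, the documentation address 203.0.113.10 and the MS-side routes are assumptions made for the illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in table.items()]
    hits = [(n.prefixlen, hop) for n, hop in nets if addr in n]
    return max(hits)[1] if hits else None

def trace(tables, start, dst, ttl=8):
    """Follow dst router by router; return (path, outcome)."""
    path, node = [start], start
    for _ in range(ttl):
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "no route"
        path.append(hop)
        if hop not in tables:      # handed to a LAN segment or a firewall
            return path, "delivered"
        if hop in path[:-1]:       # back at a router already visited
            return path, "loop"
        node = hop
    return path, "ttl expired"

# Connected and static routes, constructed from the two configs posted above.
# Next hops are router names; any other label means the packet left the routers.
# MSRouter's second default (out FastEthernet0/0) is not modelled.
POSTED = {
    "HSRouter": {"192.168.1.0/24": "HS LAN", "192.168.255.0/30": "T1 link",
                 "0.0.0.0/0": "MSRouter"},   # ip route 0.0.0.0 0.0.0.0 Serial0/0/0
    "MSRouter": {"172.16.0.0/18": "MS LAN", "192.168.255.0/30": "T1 link",
                 "0.0.0.0/0": "HSRouter"},   # ip route 0.0.0.0 0.0.0.0 Serial0/0/0
}
# Specific route per remote LAN, default to the local Sonicwall. The MS side
# mirrors the HS advice and is an assumption; the /18 uses the corrected MS mask.
SUGGESTED = {
    "HSRouter": {**POSTED["HSRouter"], "172.16.0.0/18": "MSRouter",
                 "0.0.0.0/0": "HS Sonicwall"},
    "MSRouter": {**POSTED["MSRouter"], "192.168.1.0/24": "HSRouter",
                 "0.0.0.0/0": "MS Sonicwall"},
}

if __name__ == "__main__":
    for name, tables in (("posted", POSTED), ("suggested", SUGGESTED)):
        for dst in ("172.16.0.253", "203.0.113.10"):
            print(name, dst, *trace(tables, "HSRouter", dst))
```

With the posted tables, site-to-site destinations are delivered but any address outside both LANs bounces between the two routers until its TTL runs out.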
 
gsmartin Commented:
Tony,

Sorry for the delayed reply.  I have put together a Visio diagram to provide a visual perspective of your network.  Please verify the topology is laid out properly.  Otherwise, I will make corrections, if needed.

Based on the topology I have outlined in the picture, I included some configuration options (Static only or EIGRP w/ Static routing).  Either option will work.  EIGRP is not necessary given your small network topology, but I included it as an option.

Note 'ip helper-address' is used to direct and relay DHCP, DNS, WINS, and other broadcast domain traffic to point to the appropriate domain controllers (supporting the respective services).

Note using ip route statements (i.e. ip route 0.0.0.0 0.0.0.0 serial0/0/0) are typically used for Gateway of Last Resort traffic.  In addition, you should point traffic to an IP address rather than directing it out of an Interface, which ensures proper routing.  Router's basic function is to use specific routes in order to properly determine how to get to a specified subnet.

This also applies to firewalls that are being used to route traffic.  You need to ensure they are also appropriately directing traffic to a specified ip in order to get to a specified network.

Let me know if this helps.
EE-School-Network-Routing-Issue.jpg
0
 
TonyL82PR (Author) Commented:
gsmartin, I have to say that is an awesome diagram there, thanks for the response!

Everything looks good except minor IP differences, which is not like I gave you all the info so it's not expected to be accurate.

The Middle School Firewall is 172.16.0.254

The Exchange is 172.16.0.3

The Web server IP (172.16.0.253) is correct but its also our DC, AD.

The DNS is 172.16.0.2 and its roles are DNS & DHCP (For Middle School)

I'll try to make the changes to the routers this afternoon and let you know how it goes, I appreciate your detailed response!

Keep you posted!
0
 
gsmartin Commented:
Thanks for the positive feedback.  Illustrating the topology usually helps the overall planning of the architecture.  Sorry, that was a typo on the MS firewall...that I carried into the configuration.  Here's an updated version with the corrections you noted.
EE-School-Network-Routing-Issue.jpg
0
 
TonyL82PR (Author) Commented:
You're a life saver!

Thanks to everyone for all your help!
0
 
gsmartin Commented:
Awesome!  I am glad everything worked out!
0
