Connect two router with different wan port

We have two cisco 2811 router. Router R1 config is

ip access-list standard 7
 10 permit 192.168.11.0 0.0.0.255
 exit
interface fastethernet0
 ip address 220.227.159.117 255.255.255.252
 load-interval 30
 ip nat outside
 exit
interface fastethernet1
 ip address 115.249.110.97 255.255.255.224
 ip address 192.168.11.1 255.255.255.0 secondary
load-interval 30
 ip nat inside
 exit
ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
ip route 0.0.0.0 0.0.0.0 220.227.159.118

Router R2 config is
ip dhcp pool ccp-pool1
   import all
   network 192.168.48.0 255.255.252.0
   dns-server 208.67.222.222 208.67.220.220
   default-router 192.168.48.1
   lease infinite
interface FastEthernet0/0
 description WAN port
 ip address 115.249.19.29 255.255.255.252
 ip flow egress
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Internal LAN$ES_LAN$
 ip address 192.168.48.1 255.255.252.0 secondary
 ip address 192.168.9.1 255.255.255.0 secondary
 ip address 115.249.110.65 255.255.255.224
 ip access-group 100 in
 ip flow ingress
 ip nat inside
 duplex auto
 speed auto
ip classless
ip route 0.0.0.0 0.0.0.0 115.249.19.30
ip flow-export version 5
ip flow-export destination 115.249.110.100 2055
!
ip http server
ip http authentication local
ip nat pool ovrld 115.249.19.29 115.249.19.29 netmask 255.255.255.252
ip nat inside source list 1 pool ovrld overload
ip nat inside source list 2 interface FastEthernet0/0 overload
!
!
access-list 1 permit 192.168.9.0 0.0.0.255
access-list 2 permit 192.168.48.0 0.0.3.255
access-list 100 permit tcp 192.168.48.0 0.0.3.255 host 208.67.222.222 eq domain
access-list 100 permit udp 192.168.48.0 0.0.3.255 host 208.67.222.222 eq domain
access-list 100 permit tcp 192.168.48.0 0.0.3.255 host 208.67.222.220 eq domain
access-list 100 permit udp 192.168.48.0 0.0.3.255 host 208.67.222.220 eq domain
access-list 100 deny   tcp 192.168.48.0 0.0.3.255 any eq domain
access-list 100 deny   udp 192.168.48.0 0.0.3.255 any eq domain
access-list 100 permit ip 192.168.48.0 0.0.3.255 any
access-list 100 permit udp any host 255.255.255.255 eq bootps
access-list 100 permit udp any host 255.255.255.255 eq bootpc
access-list 100 permit ip 192.168.9.0 0.0.0.255 any
access-list 100 permit ip 115.249.110.64 0.0.0.31 any

Now we want that both router's internal ip ping each other like 192.168.48.0, 192.168.9.0 and static pool can ping to 192.168.11.0 and static pool of other router. please provide the command for this
R1.txt
r2.txt
ManojtanwarAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AkinsdNetwork AdministratorCommented:
I'm assuming you've set up or added WAN addresses through your ISP. in which case they would have assigned WAN IPs for the connection. If not, start with them.
The current WAN IPs you have for both sites are not within the same subnet and there can't be a direct route between the routers without setting up a tunnel
Your ISP may need to setup private transport or Ethernet Handoff between the sites


Which WAN Ports connect both sites?
For Router 1
Local IPs
ip address 192.168.11.1 255.255.255.0 secondary
ip address 115.249.110.97 255.255.255.224

Route needed
ip route 192.168.48.0 255.255.252.0 115.249.110.X
ip route 192.168.9.0 255.255.255.0 115.249.110.65


For Router 2
Local IPs
 ip address 115.249.110.65 255.255.255.224
ip address 192.168.48.1 255.255.252.0 secondary
 ip address 192.168.9.1 255.255.255.0 secondary

Route needed
ip route 192.168.11.1 255.255.255.0 115.249.110.Y


Where 115.249.110.X and 115.249.110.Y would be on the same subnet and configured on Router 2 and Router 1 respectively.
ManojtanwarAuthor Commented:
I can do one thing both lan port of the router can terminate in 24 port switch. Both router are 200 Meter away only.

Then i can i apply this route and this route affect the earlier ip route?

thanks

Manoj
AkinsdNetwork AdministratorCommented:
That should work also
You can use a /30 (Point to Point ) private IP for the link
eg 172.16.0.0 255.255.255.252
Router 1 can be 172.16.0.1 while router 2 would be 172.16.0.2
Your routes would then be
Router 1
ip route 192.168.48.0 255.255.252.0 172.16.0.2
ip route 192.168.9.0 255.255.255.0 172.16.0.2

Router 2
Route needed
ip route 192.168.11.1 255.255.255.0 172.16.0.1
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

ManojtanwarAuthor Commented:
If I give this ip route it replace existing route or not. It effect the Internet access route of router given by ISp please tell sorry I am not expert in this please don't mind
AkinsdNetwork AdministratorCommented:
No it doesn't affect internet access.
The destinations are not the same.
Default routes are used when no specific destination is specified. Moreover, internet addresses are public addresses and the address specified is a private address. You can read more on public and private addresses here
https://technet.microsoft.com/en-us/library/cc958825.aspx 

For Class A 10.0.0.0/8: 10.0.0.1 to 10.255.255.254.
For Class B 172.16.0.0/12: 172.16.0.1 to 172.31.255.254.
For Class C 192.168.0.0/16: 192.168.0.1 to 192.168.255.254.
   
Public addresses can be accessed directly from any computer. They are unique eg 4.2.2.2.
Private addresses would require NAT translations (port forwarding) to be accessible. They will be dropped automatically by the ISP

Back to your route question.
You only have 1 route statement manually configured on Router 1 because only 1 subnet exist
You also only have 1 route statement manually configured on Router 2 even though 2 subnets exist, but are hosted on the same router. It hosts the 2 subnets and already knows where they are. A show IP route command would indicate them as connected routes
Any address not found in a routing table would be forwarded to the default route. Consider this gateway as your main exit out of your network.

Whenever Router 1 sees destinations with ip address 192.168.48.x, it would know, because you told it, to send it to Router 2. You also told it to go through the interface ??? that connects it to Router 2
ip route 192.168.9.0 255.255.255.0 172.16.0.2 simply means For any destination address that fall within 192.168.9.1 through 192.168.9.254, send that traffic out of the interface connected to 172.16.0.2. The interface in this case is 172.16.0.1
ip route 0.0.0.0 0.0.0.0 115.249.19.30 means, for any destination not specified in the routing table, send those out to 115.249.19.30 (ISP's address) through 115.249.19.29 (the interface that connects to the ISP)

I hope this helps
ManojtanwarAuthor Commented:
when put ip route put r2

Router(config)#ip route 192.168.11.1 255.255.255.0 172.16.0.1
%Inconsistent address and mask
Router(config)#

this message shows
how to remove this
Help
AkinsdNetwork AdministratorCommented:
If you got the error, it probably did not accept the command
But just in case

no ip route 192.168.11.1 255.255.255.0 172.16.0.1
ip route 192.168.11.0 255.255.255.0 172.16.0.1
ManojtanwarAuthor Commented:
i do it but no ping does i have to edit access-list 100 to permit 172.16.0.0 or else
access-list 100 permit tcp 192.168.48.0 0.0.3.255 host 208.67.222.222 eq domain
access-list 100 permit udp 192.168.48.0 0.0.3.255 host 208.67.222.222 eq domain
access-list 100 permit tcp 192.168.48.0 0.0.3.255 host 208.67.222.220 eq domain
access-list 100 permit udp 192.168.48.0 0.0.3.255 host 208.67.222.220 eq domain
access-list 100 deny   tcp 192.168.48.0 0.0.3.255 any eq domain
access-list 100 deny   udp 192.168.48.0 0.0.3.255 any eq domain
access-list 100 permit ip 192.168.48.0 0.0.3.255 any
access-list 100 permit udp any host 255.255.255.255 eq bootps
access-list 100 permit udp any host 255.255.255.255 eq bootpc
access-list 100 permit ip 192.168.9.0 0.0.0.255 any
access-list 100 permit ip 115.249.110.64 0.0.0.31 any
AkinsdNetwork AdministratorCommented:
Did you configure the IP on on interface on both routers?
Post the config for the interfaces and also result of show ip route for both routers

You can add permit statements for 192.168.11.0 on access list 100
ManojtanwarAuthor Commented:
please find the config of the router

interface fastethernet0
 ip address 220.227.159.117 255.255.255.252
 load-interval 30
 ip nat outside
 exit


interface fastethernet1
 ip address 115.249.110.97 255.255.255.224
 ip address 192.168.11.1 255.255.255.0 secondary
 ip address 172.16.0.2 255.255.255.252 secondary
 load-interval 30
 ip nat inside
 exit

ip nat pool ovrld 220.227.159.117 220.227.159.117 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload

ip route 0.0.0.0 0.0.0.0 220.227.159.118
ip route 192.168.11.0 255.255.255.0 172.16.0.1


interface FastEthernet0/0
 description WAN port
 ip address 115.249.19.29 255.255.255.252
 ip flow egress
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Internal LAN$ES_LAN$
 ip address 192.168.48.1 255.255.252.0 secondary
 ip address 192.168.9.1 255.255.255.0 secondary
 ip address 172.16.0.1 255.255.255.252 secondary
 ip address 115.249.110.65 255.255.255.224
 ip access-group 100 in

ip route 0.0.0.0 0.0.0.0 115.249.19.30
ip route 192.168.9.0 255.255.255.0 172.16.0.2
ip route 192.168.48.0 255.255.252.0 172.16.0.2
AkinsdNetwork AdministratorCommented:
Your route statements need to be switched

interface fastethernet1
 ip address 115.249.110.97 255.255.255.224
ip address 192.168.11.1 255.255.255.0 secondary
 ip address 172.16.0.2 255.255.255.252 secondary

ip route 0.0.0.0 0.0.0.0 220.227.159.118
ip route 192.168.11.0 255.255.255.0 172.16.0.1

You are telling the router to go to another router for an address that's in its territory. It will ignore it anyway since the connected route for 192.168.11.0 supersedes the one you configured

Switch the destination addresses
eg for Router 1
no ip route 192.168.11.0 255.255.255.0 172.16.0.1
ip route 192.168.9.0 255.255.255.0 172.16.0.1
ip route 192.168.48.0 255.255.252.0 172.16.0.1

For router 2
no ip route 192.168.9.0 255.255.255.0 172.16.0.2
no ip route 192.168.48.0 255.255.252.0 172.16.0.2
ip route 192.168.11.0 255.255.255.0 172.16.0.2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ManojtanwarAuthor Commented:
still not working config is as follows

interface FastEthernet0/1
 description Internal LAN$ES_LAN$
 ip address 192.168.11.10 255.255.255.0 secondary
 ip address 172.16.0.2 255.255.255.252 secondary
 ip adip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 220.227.159.118
ip route 192.168.9.0 255.255.255.0 172.16.0.1
ip route 192.168.48.0 255.255.252.0 172.16.0.1

Second router
ip address 192.168.48.1 255.255.252.0 secondary
 ip address 192.168.9.1 255.255.255.0 secondary
 ip address 172.16.0.1 255.255.255.252 secondary
 ip address 115.249.110.65 255.255.255.224
 ip access-group 100 in
ip route 0.0.0.0 0.0.0.0 115.249.19.30
ip route 192.168.11.0 255.255.255.0 172.16.0.2

ip nat pool ovrld 115.249.19.29 115.249.19.29 netmask 255.255.255.252
ip nat inside source list 1 pool ovrld overload
ip nat inside source list 2 interface FastEthernet0/0 overload
ip nat inside source list 3 interface FastEthernet0/0 overload
!

access-list 1 permit 192.168.9.0 0.0.0.255
access-list 2 permit 192.168.48.0 0.0.3.255
access-list 3 permit 172.16.0.0 0.0.0.3
access-list 100 permit tcp 192.168.48.0 0.0.3.255 host 208.67.222.222 eq domain
access-list 100 permit udp 192.168.48.0 0.0.3.255 host 208.67.222.222 eq domain
access-list 100 permit tcp 192.168.48.0 0.0.3.255 host 208.67.222.220 eq domain
access-list 100 permit udp 192.168.48.0 0.0.3.255 host 208.67.222.220 eq domain
access-list 100 deny   tcp 192.168.48.0 0.0.3.255 any eq domain
access-list 100 deny   udp 192.168.48.0 0.0.3.255 any eq domain
access-list 100 permit ip 192.168.48.0 0.0.3.255 any
access-list 100 permit udp any host 255.255.255.255 eq bootps
access-list 100 permit udp any host 255.255.255.255 eq bootpc
access-list 100 permit ip 192.168.9.0 0.0.0.255 any
access-list 100 permit ip 115.249.110.64 0.0.0.31 any
access-list 100 permit ip 172.16.0.0 0.0.0.3 any

now what to do
ManojtanwarAuthor Commented:
I drop ip access-group 100 in then i can ping please modify the ip access-group 100.
As seen i try but not successfull.
thanks
AkinsdNetwork AdministratorCommented:
I'm assuming you're still having issues

Did you add permit statement for 192.168.11.0 0.0.0.255 in acl 100?
ManojtanwarAuthor Commented:
i did it sir i can ping each other

thanks

if i give 172.16.0.1 and 2 two both router wan port it will also work ?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.