I've got a couple of 2610s providing WAN access between two subnets on two sites across a private leased line. They were set up by a third party before I arrived at the company.
Having just installed a PIX Firewall in one of the subnets (192.0.3), I need to allow DNS and FTP traffic from the other subnet (192.0.2) out through the Firewall.
Predictably (as you'll see from the config) then, when I do a trace route on an external server from the 192.0.2 subnet, I get a destination host unreachable error returned. Or a DNS timeout if I do an nslookup.
The config is below. I think all I need to add is:
ip route 0.0.0.0 192.168.37.1
Is this correct? (BTW the below is for the router in the 192.0.2 subnet)
Asta_Telford#sh conf
Using 1611 out of 29688 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Asta_Telford
!
enable password 7 03216808273B2B5816
!
!
class-map VoIP-Signalling
 match access-group 198
class-map VoIP-Traffic
 match access-group 199
!
!
policy-map VoIP-policy
 class VoIP-Traffic
  priority 100
 class VoIP-Signalling
  bandwidth 8
 class class-default
  fair-queue
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
!
!
interface Multilink1
 bandwidth 1024
 ip address 192.168.37.2 255.255.255.252
 ip tcp header-compression iphc-format
 no ip mroute-cache
 service-policy output VoIP-policy
 no cdp enable
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave
 multilink-group 1
 ip rtp header-compression iphc-format
!
interface FastEthernet0/0
 description *** Telford LAN ***
 ip address 192.0.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 description *** 1Mb Link to Thame ***
 bandwidth 1024
 no ip address
 encapsulation ppp
 no fair-queue
 ppp multilink
 multilink-group 1
!
ip classless
ip route 192.0.3.0 255.255.255.0 192.168.37.1
ip http server
!
access-list 198 permit tcp any eq 1720 any
access-list 198 permit tcp any any eq 1720
access-list 199 permit udp any any range 16384 37276
Thanks in advance.
JC
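An added example, not part of the original post: a longest-prefix-match lookup over the routing lines of the posted config, showing why an external destination is unreachable and what changes once a default route is present. The function names and the external address 203.0.113.53 are constructed for illustration; skipping the mask-less line reflects the IOS syntax `ip route <prefix> <mask> <next-hop>`.

```python
import ipaddress

# Routing-relevant lines copied from the posted Asta_Telford config.
POSTED_CONFIG = """\
interface Multilink1
 ip address 192.168.37.2 255.255.255.252
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
ip route 192.0.3.0 255.255.255.0 192.168.37.1
"""

def build_table(config):
    """Return [(network, how)] from connected interfaces and static routes."""
    table, iface = [], None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "interface":
            iface = words[1]
        elif words[:2] == ["ip", "address"] and len(words) >= 4:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            table.append((net, f"connected {iface}"))
        elif words[:2] == ["ip", "route"]:
            # A static route needs prefix, mask and next hop; a line without
            # the mask is an incomplete command on IOS, so it installs nothing.
            if len(words) < 5:
                continue
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            table.append((net, f"via {words[4]}"))
    return table

def lookup(table, dest):
    """Longest-prefix match; None means no route (router answers unreachable)."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, how) for net, how in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

EXTERNAL = "203.0.113.53"  # constructed external address (documentation range)
before = build_table(POSTED_CONFIG)
short_form = build_table(POSTED_CONFIG + "ip route 0.0.0.0 192.168.37.1\n")
with_default = build_table(POSTED_CONFIG + "ip route 0.0.0.0 0.0.0.0 192.168.37.1\n")

if __name__ == "__main__":
    for name, table in (("posted", before), ("short form", short_form),
                        ("with default", with_default)):
        print(f"{name:13} {EXTERNAL} -> {lookup(table, EXTERNAL)}")
```

The default route only gets packets as far as 192.168.37.1; the far-end router and the PIX still need their own routes and rules for 192.0.2.0/24 before DNS and FTP replies can return.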