My company has 2 locations connecting through a point to point T1 connection. Recently at the new location just install new internet connection, but i can't get the remote location to connect to the internet from the main site. The main site accesses the internet through a full T1 which is connected to a 1720 router which then goes into a sonicwall firewall which all the internal hosts are using for a gateway (sonicall). From the sonicwall i can ping the remote router and hosts and vice versa, but from the remote router I can't ping out to the internet. any clues. My ideal configuration will be let remote office connected to internet from the sonicwall. Any ideas for troubleshooting, thanks.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Network Infrastructure
- Thread starter 12122053
- Start date
I think what you'll want to do is at your remote branch, set the new router (that goes to the internet connection) as the default gateway for that branch, and then put a route on it pointing to the other router for anything wanting to get to the Head branch.
Take a look at any doc's you have this is just a quick off the top thought.
good luck
Take a look at any doc's you have this is just a quick off the top thought.
good luck
- Thread starter
- #3
Internet
|
|
Cisco 1721(Mainoffice 10.10.10.x) |
| |
| |
Sonicwall(firewall) |
| |(Remote Office)
Switch---Router 1 ---pointtopoint T1---Router 2
|
|
|
Clients from mainoffice access the internet through the sonicwall as their gateway. I'm trying to connect clients from remote office to the internet. Router and clients from remote office can ping the internal gateway address on the sonicwall (which has nat enable not the cisco 1721)but can't ping any routeable internet addresses. The sonicwall can ping remote office router and clients just fine. I think there is a gateway issue. Does router 2 need to know about the cisco 1721? Router 2 is dynamically connected via rip to router 1. Before remote office couldn't even ping the internal ip of the sonicwall, I added a static route in the sonicwall now able to ping. Any suggestions, thanks alot who helps.
|
|
Cisco 1721(Mainoffice 10.10.10.x) |
| |
| |
Sonicwall(firewall) |
| |(Remote Office)
Switch---Router 1 ---pointtopoint T1---Router 2
|
|
|
Clients from mainoffice access the internet through the sonicwall as their gateway. I'm trying to connect clients from remote office to the internet. Router and clients from remote office can ping the internal gateway address on the sonicwall (which has nat enable not the cisco 1721)but can't ping any routeable internet addresses. The sonicwall can ping remote office router and clients just fine. I think there is a gateway issue. Does router 2 need to know about the cisco 1721? Router 2 is dynamically connected via rip to router 1. Before remote office couldn't even ping the internal ip of the sonicwall, I added a static route in the sonicwall now able to ping. Any suggestions, thanks alot who helps.
I would configure Router 1 with a static route to your remote network and vice versa. Running RIP across the T1 is not doing your performance much good and unless you are running multiple subnets on your head office and remote LAN isn't saving you much configuration anyhow. Configure Router one with static routes to any local subnets or remote subnets and point the Gateway of last resort to the firewall.
Configure Static routes to any local subnets on router two and point the Gateway of Last Resort to Router 1.
This is how I have my network setup and it works well. If you need to keep RIP I would ensure that you block RIP transmissions on your firewall. I would still configure a Gateway Of LAst Resort pointing to your firewall on Router 1.
Configure Static routes to any local subnets on router two and point the Gateway of Last Resort to Router 1.
This is how I have my network setup and it works well. If you need to keep RIP I would ensure that you block RIP transmissions on your firewall. I would still configure a Gateway Of LAst Resort pointing to your firewall on Router 1.
- Thread starter
- #5
If router 2's default route is router 1 and router 1's is the Sonic wall, which has the 1721 as it's default gateway, then no. Since router 2 can get a reply from the Sonic wall's internal interface.
I would start to look at the Sonic wall's rulebase, is there a rule that'll let them (remote net) out, also are they being NAT'd?
good luck
I would start to look at the Sonic wall's rulebase, is there a rule that'll let them (remote net) out, also are they being NAT'd?
good luck
Ok, let's stop the madness.
Rule # 1 Look at the routing tables. (show ip route)
Do the routing tables show all routes and one
leading to the 1720 router address?
If you are using RIP and managed to stay inside the classful boundaries you won't need a gateway of last resort. (This isn't to say it is not good idea to have one, it is ALWAYS a good idea to have one). Let me cover Classful Boundaries (because RIP uses Classful Boundaries)a small bit.
Say On router1 you are using ip address 10.30.1.1/16 on the serial0 interface. On Router2 serial0 interface (connecting to router1) you have 10.30.1.2/16 , however, on serial1 of router2 you have 172.16.1.12/16. You are now running into problems, you just went outside the Calssful boundary of 10.30.0.0/16 routing updates to and from 172 route are going to need help, this is where Gateway of last resort and static route maps help.
You most likely have a classful boundary showing all your possible routes. But like I said check and see what a show ip route will give you from your Router2?
If you have all routes showing and can ping the 1720 intranet side of the network then you know you have a clean access to this point and all problems are starting (or ending to be funny) with the 1720.
You said you have a the 1720 performing NAT, I would be willing to bet money that the new group of users from Router2 aren't set-up with an address pool to be translated out of the 1720.
Rule # 1 Look at the routing tables. (show ip route)
Do the routing tables show all routes and one
leading to the 1720 router address?
If you are using RIP and managed to stay inside the classful boundaries you won't need a gateway of last resort. (This isn't to say it is not good idea to have one, it is ALWAYS a good idea to have one). Let me cover Classful Boundaries (because RIP uses Classful Boundaries)a small bit.
Say On router1 you are using ip address 10.30.1.1/16 on the serial0 interface. On Router2 serial0 interface (connecting to router1) you have 10.30.1.2/16 , however, on serial1 of router2 you have 172.16.1.12/16. You are now running into problems, you just went outside the Calssful boundary of 10.30.0.0/16 routing updates to and from 172 route are going to need help, this is where Gateway of last resort and static route maps help.
You most likely have a classful boundary showing all your possible routes. But like I said check and see what a show ip route will give you from your Router2?
If you have all routes showing and can ping the 1720 intranet side of the network then you know you have a clean access to this point and all problems are starting (or ending to be funny) with the 1720.
You said you have a the 1720 performing NAT, I would be willing to bet money that the new group of users from Router2 aren't set-up with an address pool to be translated out of the 1720.
- Status
Similar threads
- Locked
- Question
- Locked
- Question