remote location cannot access web

[superjett]

I've worked on it (not so good at routing) and had our consultant come in and he's thinking it's our new Sonicwall blocking the traffic (he's decent on Cisco) but I'd like to post this for some review to make sure we're setup properly between the routers.

internet IP

Sonicwall 10.5.80.80

main location 10.5.0.0/16 network

Cisco 2621 10.5.101.1 eth0 to 172.16.1.2 ser0

Cisco 2621 172.16.1.1 ser0 to 10.6.101.1 eth0

remote location 10.6.0.0/16 network

For the main location, I have everyone's gateway set to the sonicwall 10.5.80.80 and a static route in it for the 10.6 network pointing to the 10.5.101.1 router as gateway.

The remote location computers can ping 10.5 ip's, but not the web. The router cannot ping anything.

10.5.101.1 main location routes:
Gateway of last resort is 10.5.80.80 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Serial0/0
10.0.0.0/16 is subnetted, 2 subnets
R 10.6.0.0 [120/1] via 172.16.1.1, 00:00:00, Serial0/0
C 10.5.0.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.5.80.80


10.6.101.1 remote location routes:
Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Serial0/0
10.0.0.0/16 is subnetted, 2 subnets
C 10.6.0.0 is directly connected, FastEthernet0/0
R 10.5.0.0 [120/1] via 172.16.1.2, Serial0/0


I feel like the remote location router should have a gateway of last resort set.

I'm also thinking now that we could have the routers set as they used to be where they are the default gateway for everyone's pc's and the 10.5.101.1 just directs all other traffic to the 10.5.80.80 firewall.

Any suggestions?

 

[KiscoKid]

I can understand how the remote location wouldn't be able to get to the web because it hasn't got a default route pointing to the web gateway (presumably the sonicwall). This assumes of course that the remote users are not using a proxy server (based on the 10.5.x.x network). In which case, you'll only need a route to the 10.5.x.x network which you have.

If you don't use a proxy server for Internet access, try putting a gateway of last resort on the remote router and point it to the next-hop address of the primary site router.

Potentially the remote router can't ping anyone on 10.5.x.x is likely because his source address is a 172.16.x.x address but the clients at the primary site are told to default route to the Sonicwall who, from what you've outlined, doesn't have a route for 172.16.x.x

You can try an extended ping from the router (using the LAN address) to see if this is the case.

Hope this helps

 

[superjett]

It's resolved.

We had tried several configurations with the gateway of last resort but none had worked so the above config was not the final set.

In the end, the 10.6.101.1 router has 10.5.101.1 (ethernet interface on the other end) set as it's last resort and the 10.5.101.1 has the Sonicwall as it's last resort.

The problem was configuring the Sonicwall to allow both the 10.6.0.0 and 172.16.1.0 subnets access which required a few phone calls and an hour or two on the phone with them to get it configured properly. What a pain!