Simple ip route question

[lfournier]

Before I begin, please forgive me. I don't have much occassion to change anything on our router and am definately a newbie. I have a problem which I believe is fairly simple and yet I cannot get it to work.

We currently have a Cisco 2621, with a T1 on our serial interface. We have recently cancelled our T1 and put in an ADSL line. I want to have the router send packets to the ADSL line instead of the T1. Currently the ip route config looks like this.

ip route 0.0.0.0 0.0.0.0 serial0/0

I did a no ip route 0.0.0.0 0.0.0.0 serial0/0

then I added a new route. The ADSL router from our ISP is connected to Fastethernet0/1 on my router. So I tried both of the following entries

ip route 0.0.0.0 0.0.0.0 fastethernet0/1
and
ip route 0.0.0.0 0.0.0.0 x.x.x.x (IP address of fe0/1)

doing this caused me to lose internet connectivity. I wasn't able to clear the routing table although I tried several different commands and reloaded the router.

In doing some further reading I got the idea that it might not have worked because the T1 was still connected and it was still trying to pick the Serial interface over the Fastethernet interface.

So basically my question is how do I get outgoing packets to go to the new ADSL connection?

Thanks so much in advance for any hints or tips you can provide.

Louanne

 

[JOAMON]

Can you post the complete config of the 2621 router less any passwords??

 

[JOAMON]

When I say cahnge the IP address on every client I only mean the IP address they connect to not the IP address of the PC.

 

[lambent]

Actually you can always ask your ISP about the router setup on customer side.

Did you test the ADSL line before? My best practice on ADSL is to test it with a PC connecting to the ISP device and see if this simple works or not.

 

[lfournier]

Thanks for the additional thoughts on this. I will have to read over your solutions and see if I can figure out what to do. As I said I am really a newbie in this area. I have posted my router config below. Would it help if you could see my pix config too? Let me know. You have been so helpful I don't want to push for too much.

Thanks.

Louanne

Using 1177 out of 29688 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CanadaEdge
!
!
!
!
!
!
ip subnet-zero
no ip source-route
no ip finger
!
!
!
!
interface FastEthernet0/0 (currently connects to my lan)
ip address 216.191.146.81 255.255.255.248
no ip directed-broadcast
speed auto
half-duplex
!
interface Serial0/0 (currently has T1 connected)
ip address 216.191.69.10 255.255.255.252
ip access-group 105 in
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
no ip route-cache
no ip mroute-cache
no fair-queue
no cdp enable
!
interface FastEthernet0/1 (connected to new ADSL router)
ip address 216.191.220.146 255.255.255.248
ip access-group 105 in
no ip directed-broadcast
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 216.191.181.208 255.255.255.240 FastEthernet0/0
ip route 216.191.220.144 255.255.255.248 FastEthernet0/0
no ip http server
!
!
!
end

 

[JOAMON]

OK....
After seeing that config I really think all you need to do is eliminate the 2621 router. There is an access-list 105 applied on two interfaces but no access-list. There is no firewalling or anything else configured on this router. The easiest solution is to take it out of the loop. You should be able to do what I originally suggested......

Originally you needed the router to make the Wan T1 connection on the serial and then the static 8 block was on fastethernet0/1 which connected to PIX ethernet on same ip routeable subnet. Now have ISP device doing this. Think you probably no longer need the 2621. If the ISP equipment ethernet is using the first useable ip of your static 8 block the the second useable ip of the 8 block would then be assigned to the PIX. Connect the 2 directly, change default route in the PIX, and eliminate the 2621.

Is there a sepcific reason why you need to keep the 2621 in service??

 

[JOAMON]

Do not need to see PIX yet.....but what you need to do is change the outside IP address and default route on the PIX. All VPN clients will then need to be told the new address to connect to and modify their client software and finally you will need to change remote routers crypto isakmp keys and crypto map set peer information. There is no way to keep the currnet address as is only valid connecting through the T1 circuit which is going away. Do you use the PIX for just remote clients or do you have site to site connections?

 

[lfournier]

We did previously have site to site connections but they are gone now. I use it only for security and vpn clients. If you really think the router isn't performing any practical function then I guess I can take it out. If there is no remote routers then I wouldn't have to do any of the isakmp stuff right?

Lou

 

[JOAMON]

Correct...only need to tell clients of new IP address they need to connect to.

 

[JOAMON]

Also...

interface FastEthernet0/0 (currently connects to my lan)
ip address 216.191.146.81 255.255.255.248
no ip directed-broadcast
speed auto
half-duplex

This is not the LAN side it is your WAN side. Your LAN connection would be coming of the ethernet on the PIX. Service providers terms can sometimes be mis-leading.

You may have received something like this:
Layer 3 Information:

Local WAN IP: 216.191.220.122
Remote WAN IP (Gateway): 216.191.220.121
WAN Subnet Mask: 255.255.255.252

LAN Subnet: 216.191.220.144
LAN Subnet Mask: 255.255.255.248
Number of Useable IP’s 5
Ethernet Interface IP (Gateway IP for LAN): 216.191.220.145
Range of IP available for assignment: 216.191.220.146 thru .150

What they consider the LAN is actually your WAN. If you read this as from them to you then it makes sense from their point.

 

[JOAMON]

I do not think you need to keep it in service but I would keep hold of it for future use. You could use it at a remote site for VPN site to site or if after you have problems with DSL and decide to change back to T1.

 

[lfournier]

Thank you so much for all of the valuable information. I have stopped freaking out and am now much calmer . I will follow your advice and try this out tonight after hours. I will let you know how it goes. Is there some way I vote for you on here? I saw something about most valuable poster. You have my vote!!

Lou

 

[JOAMON]

In the lower left corner of the box is a thank you link....just click it and follow the steps.

Couple things before proceeding.
Make sure that the DSL router is not performing any NAT or DHCP. Confrim the ethernet address and mask for the DSL router ethernet port. Did you get a static 8 block with the DSL? The ethernet address on the DSL router should be the default route set on the PIX. If 8 block is assigned use one the the ip routeable address on the outside interface of the PIX. This will then become the address for the VPN clients to connect to. Might need to modify security settings to remove old IP settings and replace with new IP settings.

Good Luck

 

[JOAMON]

Can you post the IP information supplied by your DSL provider in regards to the new connection???

 

[JOAMON]

Good Morning...

I have a question...

You mentioned that you have the PIX and ISP router but are there any other devices directly connected to the internet like a mail server, web server. It looks like you have 5 IP addresses on your current IP block on the internet.

 

[JOAMON]

By the way....something does not look right in your config post...

no ip http server
!
!
!
end

There should be additional lines between no ip http server and end....if the only items there are the lines then that is fine. If there is more information can you post?