Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
576
Views
0
Helpful
9
Replies

Internet Access Extended to a remote site

arthurjjjc
Level 1
Level 1

‎01-11-2005 10:59 PM - edited ‎03-02-2019 09:01 PM

Hi,

I need help in allowing the internet to access by our warehouse.

Scenario 1:

We have three routers installed

1. Internet Router

2. Head office to Warehouse interconnection

3. Warehouse to head office interconnection

Scenario 2:

Internet router and (Head office to Warehouse router) were connected via switch that means it is located on the same network.

Scenarion 3:

(Head office to Warehouse router) and (Warehouse router to Head office) were connected via leased line..

Is there any configuration that i need in order for the internet router to be accessed by our warehouse?

Labels:
0 Helpful
9 Replies 9

arthurjjjc
Level 1
Level 1

‎01-11-2005 11:10 PM

Below were the configuration of the following routers:

Internet Router:

Current configuration : 2509 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Kudu

!

enable secret xxxxx

!

username nourmaint password xxxx

username kudu password xxxx

ip subnet-zero

!

!

ip name-server 212.12.160.2

ip name-server 212.12.160.3

!

ip audit notify log

ip audit po max-events 100

ip ssh time-out 120

ip ssh authentication-retries 3

!

!

!

!

interface Ethernet0

ip address x.x.x.x 255.255.255.240

ip access-group viruses in

ip access-group viruses out

ip nat outside

rate-limit input 256000 16000 16000 conform-action continue exceed-action drop

rate-limit output 256000 16000 16000 conform-action continue exceed-action drop

half-duplex

!

interface FastEthernet0

ip address 192.168.0.x 255.255.255.0

ip nat inside

speed auto

!

ip nat inside source static 192.168.0.16 x.x.x.x

ip nat inside source static 192.168.0.x x.x.x.x

ip nat inside source static 192.168.0.x x.x.x.x

ip nat inside source static 192.168.0.x x.x.x.x

ip nat inside source static 192.168.0.x x.x.x.x

ip nat inside source static 192.168.0.x x.x.x.x

ip nat inside source static 192.168.0.x x.x.x.x

ip classless

ip route 0.0.0.0 0.0.0.0 x.x.x.x

no ip http server

ip pim bidir-enable

!

!

ip access-list extended viruses

deny tcp any any eq 135

deny tcp any any eq 137

deny tcp any any eq 139

deny tcp any any eq 445

deny udp any any eq 445

deny udp any any eq netbios-ss

deny udp any any eq netbios-ns

deny udp any eq netbios-ns any

deny udp any eq netbios-ss any

deny udp any eq 445 any

deny tcp any eq 137 any

deny tcp any eq 135 any

deny tcp any eq 139 any

deny tcp any eq 445 any

permit ip any 212.x.x.0 0.0.0.255

permit ip 212.x.x.0 0.0.0.255 any

deny ip any any log

!

access-list 115 deny tcp any eq 135 any

access-list 115 deny icmp any any

access-list 115 deny udp any any eq tftp

access-list 115 deny tcp any any eq 135

access-list 115 deny udp any any eq 135

access-list 115 deny udp any any eq netbios-ns

access-list 115 deny udp any any eq netbios-dgm

access-list 115 deny tcp any any eq 139

access-list 115 deny udp any any eq netbios-ss

access-list 115 deny tcp any any eq 445

access-list 115 deny tcp any any eq 593

access-list 115 deny tcp any any eq 4444

access-list 115 permit ip any any

Head Office To Warehouse Router:

hostname kudu-hq

interface FastEthernet0

ip address 192.168.0.3 255.255.255.0 secondary

ip address 10.10.1.3 255.255.255.0

speed auto

!

interface Serial0

bandwidth 128000

ip address 172.17.17.1 255.255.255.252

no fair-queue

!

interface Serial1

bandwidth 128000

ip address 172.17.17.5 255.255.255.252

no fair-queue

!

router rip

version 2

network 10.0.0.0

network 172.17.0.0

network 192.168.0.0

no auto-summary

Warehouse To Head Office Router:

kudu-wh>en

Password:

kudu-wh#sh run

Building configuration...

Current configuration : 763 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname kudu-wh

!

enable secret xxxx

!

username xxx password xxxx

username nourmaint password xxxx

ip subnet-zero

!

!

!

!

!

!

!

interface FastEthernet0

ip address 10.10.0.1 255.255.255.0 secondary

ip address 192.168.1.1 255.255.255.0

speed auto

!

interface Serial0

bandwidth 128000

ip address 172.17.17.2 255.255.255.252

no fair-queue

!

router rip

version 2

network 10.0.0.0

network 172.17.0.0

network 192.168.1.0

no auto-summary

!

ip classless

no ip http server

!

access-list 101 permit ip any any

!

end

0 Helpful

arthurjjjc
Level 1
Level 1

‎01-11-2005 11:12 PM

Can any help me on this situation?

Thank you very much..

0 Helpful

majunior882
Level 1
Level 1
In response to arthurjjjc

‎01-13-2005 08:28 AM

Since you are using different networks to connect the routers, you may need to place some ip route commands there that will tell the far router to go to the internet router.

Also you could try using a different routing protocol. Instead of rip, use IGRP or EIGRP, they may actually allow you do to everything you are wanting without the need of the route commands.

0 Helpful

dbellaze
Level 4
Level 4
In response to arthurjjjc

‎01-13-2005 12:28 PM

It looks like you have RIPv2 running. If your internet router is running RIPv2 then you can configure redistrubition of your default route to take care of the routing portion.

!

router rip

redistribute static

!

You will also need to make sure that NAT is configured on the Internet router for all the networks in your remote offices that will be going to the internet.

If its simply WWW access then I would just configure PAT.

!

ip nat inside source list 1 interface ethernet 0 overload

!

access-list 1 permit 10.0.0.0 0.255.255.255

access-list 1 permit 192.168.0.0 0.0.255.255

!

Also make sure no ACLs would deny the remote networks to the internet.

Daniel

0 Helpful

arthurjjjc
Level 1
Level 1
In response to dbellaze

‎01-18-2005 06:52 AM

Hi,

I could not ping the internet router from the head office router since the ethernet for ip address is in the same series with the head office router. How can i make a good configuration for this?

Internet Router:

F0=192.168.0.5 subnet 255.255.255.0

Head Office Router:

F0=192.168.0.3 subnet 255.255.255.0

They are connected on the same network switch..

Please advise on this...

0 Helpful

dbellaze
Level 4
Level 4
In response to arthurjjjc

‎01-19-2005 09:03 AM

If they are on the same subnet then you should be able to ping between the routers unless an ACL or filter is blocking.

Daniel

0 Helpful

arthurjjjc
Level 1
Level 1
In response to dbellaze

‎01-23-2005 10:16 PM

Base on the configuration Internet Router is using an F0 ip: 192.168.0.5 subnet: 255.255.255.0 while the Head office to warehouse router F0 ip: 192.168.0.3 subnet: 255.255.255.0.

These two routers were connected on the same network switch.. Is there any effect on their WIC interfaces because the 1st one uses a subnet 255.255.255.252 while the other is 255.255.255.240 for their WAN connection..

Please advise if you have any confusion on what i am trying to say..

Thanks...

0 Helpful

dbellaze
Level 4
Level 4
In response to arthurjjjc

‎01-24-2005 08:20 AM

Can you post a visio diagram of the network to clearly understand your question.

Daniel

0 Helpful

arthurjjjc
Level 1
Level 1
In response to dbellaze

‎01-24-2005 08:54 PM

Hi Daniel,

I attached the visio file you needed in order to understand my question....

Can you advise me tomorrow?

Thanks..

Arthur

2342-Kudu-NetDiagram.vsd
0 Helpful
Customers Also Viewed These Support Documents