01-11-2005 10:59 PM - edited 03-02-2019 09:01 PM
Hi,
I need help in allowing the internet to access by our warehouse.
Scenario 1:
We have three routers installed
1. Internet Router
2. Head office to Warehouse interconnection
3. Warehouse to head office interconnection
Scenario 2:
Internet router and (Head office to Warehouse router) were connected via switch that means it is located on the same network.
Scenarion 3:
(Head office to Warehouse router) and (Warehouse router to Head office) were connected via leased line..
Is there any configuration that i need in order for the internet router to be accessed by our warehouse?
01-11-2005 11:10 PM
Below were the configuration of the following routers:
Internet Router:
Current configuration : 2509 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Kudu
!
enable secret xxxxx
!
username nourmaint password xxxx
username kudu password xxxx
ip subnet-zero
!
!
ip name-server 212.12.160.2
ip name-server 212.12.160.3
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
!
interface Ethernet0
ip address x.x.x.x 255.255.255.240
ip access-group viruses in
ip access-group viruses out
ip nat outside
rate-limit input 256000 16000 16000 conform-action continue exceed-action drop
rate-limit output 256000 16000 16000 conform-action continue exceed-action drop
half-duplex
!
interface FastEthernet0
ip address 192.168.0.x 255.255.255.0
ip nat inside
speed auto
!
ip nat inside source static 192.168.0.16 x.x.x.x
ip nat inside source static 192.168.0.x x.x.x.x
ip nat inside source static 192.168.0.x x.x.x.x
ip nat inside source static 192.168.0.x x.x.x.x
ip nat inside source static 192.168.0.x x.x.x.x
ip nat inside source static 192.168.0.x x.x.x.x
ip nat inside source static 192.168.0.x x.x.x.x
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
ip pim bidir-enable
!
!
ip access-list extended viruses
deny tcp any any eq 135
deny tcp any any eq 137
deny tcp any any eq 139
deny tcp any any eq 445
deny udp any any eq 445
deny udp any any eq netbios-ss
deny udp any any eq netbios-ns
deny udp any eq netbios-ns any
deny udp any eq netbios-ss any
deny udp any eq 445 any
deny tcp any eq 137 any
deny tcp any eq 135 any
deny tcp any eq 139 any
deny tcp any eq 445 any
permit ip any 212.x.x.0 0.0.0.255
permit ip 212.x.x.0 0.0.0.255 any
deny ip any any log
!
access-list 115 deny tcp any eq 135 any
access-list 115 deny icmp any any
access-list 115 deny udp any any eq tftp
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
access-list 115 deny tcp any any eq 4444
access-list 115 permit ip any any
Head Office To Warehouse Router:
hostname kudu-hq
interface FastEthernet0
ip address 192.168.0.3 255.255.255.0 secondary
ip address 10.10.1.3 255.255.255.0
speed auto
!
interface Serial0
bandwidth 128000
ip address 172.17.17.1 255.255.255.252
no fair-queue
!
interface Serial1
bandwidth 128000
ip address 172.17.17.5 255.255.255.252
no fair-queue
!
router rip
version 2
network 10.0.0.0
network 172.17.0.0
network 192.168.0.0
no auto-summary
Warehouse To Head Office Router:
kudu-wh>en
Password:
kudu-wh#sh run
Building configuration...
Current configuration : 763 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname kudu-wh
!
enable secret xxxx
!
username xxx password xxxx
username nourmaint password xxxx
ip subnet-zero
!
!
!
!
!
!
!
interface FastEthernet0
ip address 10.10.0.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
speed auto
!
interface Serial0
bandwidth 128000
ip address 172.17.17.2 255.255.255.252
no fair-queue
!
router rip
version 2
network 10.0.0.0
network 172.17.0.0
network 192.168.1.0
no auto-summary
!
ip classless
no ip http server
!
access-list 101 permit ip any any
!
end
01-11-2005 11:12 PM
Can any help me on this situation?
Thank you very much..
01-13-2005 08:28 AM
Since you are using different networks to connect the routers, you may need to place some ip route commands there that will tell the far router to go to the internet router.
Also you could try using a different routing protocol. Instead of rip, use IGRP or EIGRP, they may actually allow you do to everything you are wanting without the need of the route commands.
01-13-2005 12:28 PM
It looks like you have RIPv2 running. If your internet router is running RIPv2 then you can configure redistrubition of your default route to take care of the routing portion.
!
router rip
redistribute static
!
You will also need to make sure that NAT is configured on the Internet router for all the networks in your remote offices that will be going to the internet.
If its simply WWW access then I would just configure PAT.
!
ip nat inside source list 1 interface ethernet 0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
Also make sure no ACLs would deny the remote networks to the internet.
Daniel
01-18-2005 06:52 AM
Hi,
I could not ping the internet router from the head office router since the ethernet for ip address is in the same series with the head office router. How can i make a good configuration for this?
Internet Router:
F0=192.168.0.5 subnet 255.255.255.0
Head Office Router:
F0=192.168.0.3 subnet 255.255.255.0
They are connected on the same network switch..
Please advise on this...
01-19-2005 09:03 AM
If they are on the same subnet then you should be able to ping between the routers unless an ACL or filter is blocking.
Daniel
01-23-2005 10:16 PM
Base on the configuration Internet Router is using an F0 ip: 192.168.0.5 subnet: 255.255.255.0 while the Head office to warehouse router F0 ip: 192.168.0.3 subnet: 255.255.255.0.
These two routers were connected on the same network switch.. Is there any effect on their WIC interfaces because the 1st one uses a subnet 255.255.255.252 while the other is 255.255.255.240 for their WAN connection..
Please advise if you have any confusion on what i am trying to say..
Thanks...
01-24-2005 08:20 AM
Can you post a visio diagram of the network to clearly understand your question.
Daniel
01-24-2005 08:54 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide