05-02-2003 11:30 PM - edited 03-02-2019 07:05 AM
i have i cisco 1600 router at my home office, i try to set up the router to communicate with my work over ISDN. if i ping the destination address from the router console then everything works fine, but if i do this from the LAN then nothing happens. does anyone have som tips for on have to solve this misconfiguration. my ethernet port is 192.168.107.1 and the BRI0 interface must have ip address 192.168.101.9 towards my work.
Thanks in advance
Jan Wilhelmsen
05-03-2003 12:20 AM
Hello Jan,
There are two things you need to do.
The 1600 should have a default route pointing to 192.168.101.9, so that all packets from the LAN will be send across the ISDN link, to your work router.
Also the router at your office should have a route to 192.168.107.0 network inorder to reply back to your ping responses. Add a static route on the work router ( i am not sure if this is allowed at your work) pointing to the ISDN interface ip address of the 1600.
ip route 192.168.107.0 255.255.255.0 192.168.101.x
Hope that should help!
05-03-2003 11:43 PM
Thanks! I think i have some more information about the problem.
When i ping from my computer 192.168.107.3 an entry i the firewall at my work comes up with a blocking rule on the ip address 192.168.107.3. the thing is that i know that network 192.168.101.X is routed but i dont think that 192.168.107.x is.
What i want to do is to NAT from my ISDN interface.
So if my machine at home comes through to my work with 192.168.101.9 address then i think everything should be working.
is this possible ?
Thanks to everybody!
Jan
05-05-2003 11:55 AM
Using NAT won't help, the firewall knows the diff between incoming and outgoing packets. You didn't say which type of firewall (Lock&Key, dynamic, reflexiveACL, CBAC(Stateful Packet Inspection)) you are using, but you will need to reconfig so that it will let a temp hole in firewall for your home LAN. You can make as general as "ip" traffic or can get as specific as to which TCP/UDP port #s are allowed. As with ALL holes in firewalls make sure to use a good authentication method, CHAP is better than nothing, but can be hacked by those who know how. Hope this helps!
05-03-2003 09:11 AM
If the ping/ connection works from the router but does not from the PC then can try out the following:
1)From the router console do an exteneded ping to the dest address, with the sourse address of the ethernet (x.x.107.1).......if this works then ensure that the PC default gateway is set as the ethernet ip address of the 1600.
If the above extened ping does not work then we have a routing issue where the remote does not know how to route the packet back to the PC.
deb ip packet detailed will be useful.
Thanks, Mak.
05-03-2003 10:18 PM
Hi Jan -
While the other two suggestions are good places to start, you do not mention whether or not you have internet access( or any other connections) at home.
If not and you ONLY have the one connection to your main office: if you are able to ping your office from the router(con) , then the ISDN connection between is working, you should make sure there is a default route pointed to the office router (ip route 0.0.0.0 0.0.0.0 192.168.101.x ) Your company is using a PRIVATE class C address so you cannot use for internet access unless you are using NAT to translate into public address. You should also make sure all of your host computers have their default gateways pointed to the ethernet port on your home router (192.168.107.1). Make sure the host computer ip addresses are in the same subnet as the ethernet port.
Also, make sure your DDR is set up correctly so you aren't bringing up the connection for every update sent( if using dynamic routing protocol - RIP, OSPF, etc., you may want to make them( BRI) passive-interfaces.)
If you DO have internet access at your home things can get more complicated.
You can try to have a static route to the office and a default route to ISP, or you might have to use route maps/policy routing to make sure traffic is routed to where you want it to go. Again, you would need to use NAT to translate the addressing going to the internet.
Hope this helps!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide