
WAN Routing Help

admin_2
Level 3

This has been my first attempt at a WAN design and implementation. So far it has gone pretty well but having one problem and hoping I can find some answers. Information - The main location has a 2600 with 4 wics - 1 for T1 out for internet access(for all 4 locations) and 3 others for the 3 remote locations. The 2600 is serving DHCP/DNS to all users at the main location out its Ethernet port. Everything at the main location is working well.

In the 3 remote locations there is a 1720 with 1 wic and the Ethernet port is doing local DHCP/DNS to the local users as well. All 3 1720's can ping all interfaces on the 2600 as well as the other 1720's. However the local clients at these locations get DHCP/DNS assigned but can't ping outside the Ethernet port of their respective 1720. Any ideas what I still need to do? Thanks in advance!


tekha
Level 3

Do the clients get a default gateway?

Sounds like you forgot to put in a default-router in your DHCP pool on the 1720's.

ip dhcp pool POOL

network x.x.x.x x.x.x.x

default-router x.x.x.1

dns-server y.y.y.y

Not applicable

I did put in a default gateway at all 3 locations of the local Ethernet port on the 1720's. We subnetted it out based on location for example one location is 192.168.34.x - the 1720 LAN ip address is 192.168.34.1 which is what I set as the default-router. Is this incorrect? Thanks!

So 192.168.34.1 is one of the 3 locations not working?

Try and make an extended ping from the 2600's Ethernet interface, you know.

ping

ip

192.168.34.1

10

100

2

y

ethernet0

Does this work?

I guess you could see if you are able to ping from a pc on the 192.168.34.0 to the local 1720 router's WAN interface, if that works you know the default gateway is right.

Do you think you could post the configuration of the 2600 router, excluding public addresses and passwords?

I am thinking maybe you forgot routings for the 192.168.34.0 net on your 2600 router.

Not applicable

At each of the remote locations I can only ping the local gateway which is the Ethernet port on the 1720 from any client pc. However, from the router I can ping all other interfaces at the other locations on the 1720's and the 2600. I'm sure it is just a configuration issue - like a routing issue. I don't have the configs. with me but I will try to post them tomorrow. Thanks!

Not applicable

Any thoughts or help on this one? Thanks!

Hello,

Did you check the client pc ip configuration to be sure that the gateway is set?

Nadine

Not applicable

Do I need to enable BGP or EIGRP on all routers? Thanks

You shouldn't need to use a dynamic routing protocol in your network since it is a pretty simple layout. Just use a default static route on the 1700 series routers, e.g.:

ip route 0.0.0.0 0.0.0.0 x.x.x.x ->where x.x.x.x is the next hop (the 2600 serial port IP).

If you wanted to use a dynamic routing protocol you needn't select BGP. Use EIGRP instead.

As the other posters stated, it seems like your PC clients don't have the correct default gateway and/or they don't have the correct subnet mask. Go to a command prompt and type in:

ipconfig /all

and verify the default gateway and subnet mask is correct.

Also, it might help to paste the config of one of the 1700 routers (and maybe the output of ipconfig /all from one of the client PCs at one of the remote sites.)

Another possibility is the 2600 doesn't have routes to the remote subnets. Ensure the 2600 has routes like this:

ip route 192.168.34.0 255.255.255.0 x.x.x.x -> where x.x.x.x is the next hop (serial IP) of the 1700. Repeat for each subnet.

Summary:

My first guess of what is wrong is you don't have routes to the remote subnets from the 2600. Use static routes or EIGRP to correct if this is true.

My next guess would be you don't have the correct subnet mask/default gateway set on the remote PCs.

-HTH

hmcdavid
Level 1

Try using tracert from Windows or traceroute from the router to see up to where you have connection. Put ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx for remote sites are serial ip address of the 2600 and for 2600 the address of your ISP. For example:

2600's Serial 0: 192.168.1.1, 192.168.2.1, 192.168.3.1

For 1st site: ip route 0.0.0.0 0.0.0.0 192.168.1.1

For 2nd site: ip route 0.0.0.0 0.0.0.0 192.168.2.1 and so on for 3rd site

For 2600: ip route 0.0.0.0 0.0.0.0 200.44.15.44 where last ip address is the address of your ISP or you can change it for serialX where it will be serial port connected to ISP (Internet).

If you are using NAT you have to add ip nat inside on each serial port or sub interface in the 2600 and adding access-list for every net (LAN) of the remote site

Not applicable

Ok - so let me see if I understand?

On the 2600 each of its serial interfaces(excluding the wic out to the internet) Do a Nat enable inside statement right? Are you saying on the 2600 serial 0(which is the connection out to put in the ip address of the 1720's Ethernet port ie. 192.168.33.1, 34.1, and 35.1 ? Then at each 1720 do a ip route 0.0.0.0 0.0.0.0 and then point it to what? Hope this makes sense - Thanks!

First you need to fix the problem with the remote site PCs not being able to get to the 2600. Once that is fixed, the previous poster was stating how to make sure those remote subnets could get out to the Internet by doing NAT on the 2600.

Let's say you have this:

2600:

s0: 192.168.5.1 255.255.255.0

s1: 192.168.6.1 255.255.255.0

s2: 192.168.7.1 255.255.255.0

(or whatever)

Now, let's say s0 is connected to "site 1" 1700 router s0 which has IP 192.168.5.2 255.255.255.0 (or whatever).

Let's further say that site 1 1720 router's ethernet IP is 192.168.33.1 255.255.255.0 (or whatever)

2600(s0):192.168.5.1-----192.168.5.2(s0)1720(e0)192.168.33.1---PC

We'll assume the client PCs at site 1 have the correct mask and default gateway set.

On the 2600 you would need:

ip route 192.168.33.0 255.255.255.0 192.168.5.2

(this tells the 2600 how to get to the remote ethernet network for site #1)

On the 1720 you would need:

ip route 0.0.0.0 0.0.0.0 192.168.5.1

(this tells the 1720 to go to the 2600 for everything)

and then do the same thing for each of the other remote sites.

Note, You could alternately just enable EIGRP on each router.

Then once all sites can get to each other (and of course the 2600), you could enable NAT to access the Internet on the 2600. Not sure what your desired goal is for Internet access.

Let us know how the 2600 to remote site issue goes. Once that is resolved people here can tell you how to properly configure NAT on the 2600 (if that is your goal).

-HTH

mihran.junior
Level 1

Isn't there any problem with any access-list you created?

Richard Burts
Hall of Fame

It would be helpful to know the IP addressing scheme you are using on all of these routers.

It would also be helpful to have the results of show ip route from one of the 1720s and the 2600.

My guess is that the person who suggested extended ping was on the right track, except I think it will be most helpful to do extended ping on one of the 1720.

A standard ping from the 1720 will have the source address of the serial interface. And my guess is that all of the 1720s recognize the serial addresses of the other routers (and we could be more sure of this if we knew what addressing you are using on the serial interfaces).

I suspect that there is some problem with the 1720 knowing how to route to the remote Ethernets. And I believe even more that the destination may not have a route back to the source.

I believe that you can resolve your problem through a careful set of static routes (each 1720s could probably have a default static route pointing to the 2600 - the 2600 must have a static route to the Ethernet of each 1720). I believe that the better answer to your issue is to run EIGRP and advertise the subnets dynamically.

HTH

Rick
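The return-route reasoning in the two replies above, as an added example that is not part of any poster's reply: a small Python model of the site 1 topology (2600 s0 192.168.5.1, 1720 s0 192.168.5.2, 1720 e0 192.168.33.1) showing why a ping sourced from the 1720's serial address succeeds while a ping sourced from the Ethernet subnet fails until both static routes exist. The router names `r2600`/`r1720`, the client address 192.168.33.10 and the use of router names as next hops are assumptions made for the model.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route exists."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), via) for p, via in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(tables, router, dst, max_hops=8):
    """Walk hop by hop; return (delivered, router where the walk ended)."""
    for _ in range(max_hops):
        via = lookup(tables[router], dst)
        if via is None:
            return False, router          # no route: packet dropped here
        if via == "connected":
            return True, router           # destination is on an attached subnet
        router = via
    return False, router                  # hop limit reached (routing loop)

def ping(tables, start, src, dst, responder):
    """Echo request from start to dst, then echo reply from responder to src."""
    ok, where = forward(tables, start, dst)
    if not ok:
        return f"request dropped at {where}"
    ok, where = forward(tables, responder, src)
    return "success" if ok else f"reply dropped at {where}"

def build(static_routes):
    """Routing tables for the thread's site 1 example (next hops as names)."""
    r2600 = {"192.168.5.0/24": "connected", "192.168.6.0/24": "connected"}
    r1720 = {"192.168.5.0/24": "connected", "192.168.33.0/24": "connected"}
    if static_routes:
        r2600["192.168.33.0/24"] = "r1720"  # ip route 192.168.33.0 255.255.255.0 192.168.5.2
        r1720["0.0.0.0/0"] = "r2600"        # ip route 0.0.0.0 0.0.0.0 192.168.5.1
    return {"r2600": r2600, "r1720": r1720}

PC = "192.168.33.10"  # constructed client address on the site 1 Ethernet

if __name__ == "__main__":
    for fixed in (False, True):
        t = build(fixed)
        print("static routes configured:", fixed)
        print("  1720 serial -> 2600 s0:", ping(t, "r1720", "192.168.5.2", "192.168.5.1", "r2600"))
        print("  PC -> 2600 s0:         ", ping(t, "r1720", PC, "192.168.5.1", "r2600"))
        print("  PC -> 2600 s1:         ", ping(t, "r1720", PC, "192.168.6.1", "r2600"))
```
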

It looks like it was a NAT routing issue and creating a pool seems to have resolved the problem. However, it seems to be flaky at times and will randomly just lose connection from the 2600 to one of the 1700's. I'm thinking I might implement EIGRP as you are suggesting. Also, I need to figure out how to get the latest IOS versions downloaded. I'm sure that will help. Thanks for everyone's help so far.
