cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
642
Views
0
Helpful
9
Replies

directing Internet traffic to the Internet

saidfrh
Level 1
Level 1

Hi,

We have a point-to-point connection from a branch office to headquarters. The branch office accesses the Internet, voice and resources from headquarters. Both routers are Cisco 1721s. The branch office will get its own T1 access to the Internet. If we install a second T1 WIC card on the branch offices 1721 router, how can we direct Internet traffic through the second serial port? The branch office has "ip route 0.0.0.0 0.0.0.0 172.16.2.1 (headquarters serial point to point int.)

Thanks.

2 Accepted Solutions

Accepted Solutions

Said

The 2 static routes that you post should work and should do what you want. I would suggest that for backup purposes you might also configure a floating static default route so that if the branch loses their Internet T1 that they could route to HQ to get Internet connectivity as a backup. So it might look like:

ip route 0.0.0.0 0.0.0.0 s1 250

note that the 250 on the end is the administrative distance that makes this a floating static default route which would only be used if the primary static default route is removed from the routing table because of a problem with that T1.

HTH

Rick

HTH

Rick

View solution in original post

Yes, also you can use the backup solution offered by rburst above to backup the internet traffic in case of failure in the T1 link.

So finally:

ip route 192.168.x.x 255.255.x.x s1

ip route 0.0.0.0 0.0.0.0 t1-interface

ip route 0.0.0.0 0.0.0.0 s1 253

View solution in original post

9 Replies 9

mounir.mohamed
Level 7
Level 7

On the branch router, Route the voice and HQ resources IP prefixes over the p2p serial link, and configure default route over the new T1 link, so now any longest match prefix will use the first link and any traffic toward unknown destinations will follow the default route and path through the second link (T1)

Mounir,

So "ip route 192.168.20.0 255.255.255.0 s1" will route the voice and data to headquarters through the point to point and "0.0.0.0 0.0.0.0 xx.xx.xx.xx " will route Internet traffic to the ISP?

Said

The 2 static routes that you post should work and should do what you want. I would suggest that for backup purposes you might also configure a floating static default route so that if the branch loses their Internet T1 that they could route to HQ to get Internet connectivity as a backup. So it might look like:

ip route 0.0.0.0 0.0.0.0 s1 250

note that the 250 on the end is the administrative distance that makes this a floating static default route which would only be used if the primary static default route is removed from the routing table because of a problem with that T1.

HTH

Rick

HTH

Rick

Rick,

Thank you. The point-point connection to headquarters will be replaced by an MPLS managed router. The MPLS router will connects several branch offices. Each branch office would also have their own Internet connection. The MPLS router will be connected to the local LAN switch. The design as as follows: Internet/ISP router>Perimeter router>ASA5000 firewall>LAN switch>MPLS router. Could you suggest the static routing command for the ASA to route traffic from the LAN switch to the networks ex. 10.10.1.0, 10.20.1.0... on MPLS router?

Said

Perhaps there are things in your environment and in your requirements that I do not fully understand yet. But it seems pretty simple to me. If the ASA needs to get to 10.10.1.0, 10.20.1.0, etc and they are located on the inside interface then the ASA gets a route statement for those subnets pointing to the next hop through the private interface.

If I have not understood something perhaps you can clarify.

HTH

Rick

HTH

Rick

Rick,

We are setting up a new network. Several branch offices and headquarters will be on a MPLS network managed by the ISP/Telco, for a mesh WAN topology. Each branch office and headquarters will have their own separate networks and dedicated Internet access. The MPLS network will be connected to each branch's LAN switch. The topology is: Internet/ISP router>branch office router>ASA Firewall>LAN switch>MPLS network. The default gateway on the LAN switch is the inside interface of the ASA firewall. When the local hosts connected to the LAN switch want to access resources on the MPLS network, the packets will go through the firewall's inside interface. Static routes in the firewall will redirect the packs back to the switch and to the port that the MPLS connects to the switch. Jon in the Cisco Forum called it "hairpinning". Would you know the routing statements in the ASA firewall that redirects packets to the switch and to the MPLS port?

Yes, also you can use the backup solution offered by rburst above to backup the internet traffic in case of failure in the T1 link.

So finally:

ip route 192.168.x.x 255.255.x.x s1

ip route 0.0.0.0 0.0.0.0 t1-interface

ip route 0.0.0.0 0.0.0.0 s1 253

Thank you.

Welcome. :)

Review Cisco Networking for a $25 gift card