
Routing external (ISP) addresses over a WAN - HELP!

scornflake
Level 1

Greetings all, hopefully this is rather simple to do, but with no training, here I am asking your assistance...

I'm running a WAN, consisting of a central location with internet access, and a few satellite locations connected via fiber SONET. I've got a router at each location and as far as internal traffic goes, I've got it running fine. I have a block of external (ISP provided) IP addresses that reside at the central location. The problem is, I have a client at one of the satellite locations that needs to be provided with one of the external IP addresses. So, I guess I need to somehow route the traffic (from the cloud) destined for this external address through my router at the central location, across the SONET to the router at the satellite location. Can someone help me out with some correct commands, or a sample config? I'll happily provide more information if I've neglected to fully explain anything.

Thanks,

Andrew

andrew@scornflake.com

5 Replies

mheusinger
Level 10

Hi,

You could set up a static host route for the single address. Longest match in the routing table should then do the trick. Example config could look like this:

R1

interface Serial0
 description to R2
 ip address 10.1.1.1 255.255.255.252
!
interface Ethernet0
 description official IPs
 ip address 1.2.3.1 255.255.255.0
!
ip route 1.2.3.251 255.255.255.255 Serial0
ip route 1.2.3.252 255.255.255.252 Serial0

R2

interface Loopback0
 ip address 1.2.3.251 255.255.255.255
!
interface Ethernet0
 description official IPs
 ip address 1.2.3.254 255.255.255.252 secondary
 ip address 10.2.1.1 255.255.255.0
!
interface Serial0
 description to R1
 ip address 10.1.1.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 Serial0

The static default is needed to route traffic back to the internet (where probably the traffic for 1.2.3.251 comes from). If you have a host with 1.2.3.253 the second route would be used.

You need to adjust IP addresses, interfaces and the like to your environment. And double check with a router, as I had none available to test the config.

Hope this helps! Please rate all posts.

Regards, Martin

ilya.varlashkin
Level 3

If you have direct IP connection between main and satellite sites, you can simply apply example Martin has provided. Although not strictly required, it's better if all links on the way from the internet towards your client at satellite site will have public IP (this might be waste).

Alternatively, if satellite location has Internet access via central site _and_ protocols they're using are NAT-friendly (e.g. no IPSEC), then you could configure NAT at your central location. This can be either static 1:1 if system(s) at satellite site require incoming connection (sounds like that from your description, please correct if I'm wrong), or by setting up a pool of addresses for outgoing connections. Rationale behind this approach is that your client would still need to pass through your central site anyway.

Doing NAT is generally considered best practice these days in enterprise environment. Doing routing of public IP is typical way for ISP environment.

If you post a diagram of involved systems from your internet connection down to the client, I could be more precise on which approach might be better for you.

ilya,

It would seem NAT is exactly what I need to set up, as the external IP address I need to send to the satellite location does indeed need to be accessible from the cloud. Can you direct me to a good site where I can get some specific setup instructions for configuring NAT on my router at the central location? Also, it occurs to me that at the central location, my ISP service comes into a router, which I have connected to a switch, which in turn connects to my servers that have external IP addresses (Mail, VPN) as well as to my gateway firewall device for internet access for my LAN clients. This (external) router is separate from my other, internal, router which ties together the WAN. How do I get one of my ISP provided IP addresses from the external router, and send it through my internal router to the WAN-attached satellite location? Maybe NAT will take care of this, or do I need a static route there?

I'll include a drawing of the network in a little while.

Thanks.

Let's say you have the following topology:

[ISP]--[rtr1]---[rtr2]---[remote_loc]

Common subnet of rtr1 and rtr2 has public addresses, your public servers are also there but not shown. You want to chip off 1 or 2 addresses to remote_loc. To achieve this you need to configure remote_loc only with private address(es) and on rtr2 do two things:

1) configure route for relevant private networks at remote_loc

2) configure static NAT to map private_ip1 to a free IP from public subnet

Now if something on public subnet sends ARP request "who has ?", your rtr2 will respond "I have, here is MAC address for this IP", so traffic for this public IP will follow to the router, where it will be NAT'ed to private address and sent further according to route for that private address.

You can see more information on NAT at Cisco NAT page - http://www.cisco.com/en/US/tech/tk648/tk361/tk438/tsd_technology_support_sub-protocol_home.html

Two documents there might be of particular interest for you:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml

Let me know if this helps.
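
The two steps described in the reply above (a route for the private network, then a static 1:1 NAT), sketched as an IOS configuration. This is an added example, not part of the original thread: the interface names, the 203.0.113.0/24 public subnet, the 10.x private addressing and the remote router's settings are all assumptions chosen for illustration.

```cisco
! ---- rtr2 (all names and addresses below are example assumptions) ----
interface FastEthernet0/0
 description shared public subnet with rtr1
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
!
interface Serial0/0
 description WAN link toward remote_loc
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
!
! Step 1: route for the private network at remote_loc
ip route 10.2.1.0 255.255.255.0 10.1.1.2
!
! Default route toward the ISP via rtr1
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Step 2: static 1:1 NAT, private client <-> free address from the public subnet
ip nat inside source static 10.2.1.10 203.0.113.50
!
! ---- router at remote_loc (private addressing only) ----
interface Serial0/0
 description WAN link toward rtr2
 ip address 10.1.1.2 255.255.255.252
!
interface FastEthernet0/0
 description client LAN
 ip address 10.2.1.1 255.255.255.0
!
! Return traffic from the client goes back through rtr2, where it is translated
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
! ---- verification on rtr2 (exec mode) ----
!   show ip nat translations   ! expect 203.0.113.50 <-> 10.2.1.10
!   show ip nat statistics     ! inside/outside interfaces and hit counters
!   show ip route 10.2.1.10    ! expect the static route via 10.1.1.2
```

A static mapping like this translates every port, so the client at remote_loc is reachable from the internet on anything it listens on unless traffic to 203.0.113.50 is filtered upstream of the translation.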

I've drawn up a quick-and-dirty network diagram. Can you take a look and rephrase, based on my particular situation? Again, my ISP-provided public addresses come into location 1, and I need to get one of them over to location 2, to be able to access the cloud, as well as be accessed BY the cloud.

Thanks.