How to communicate two LANs on different locations with a data link provided by ISP

imran.ipplf · ‎03-14-2014

Hello All,

I want to ask that we have two networks on different locations with same subnet. Currently we have acquired a data link from ISP to communicate between our two locations. we have Cisco 2611 XM router at one end and the other end is equipped with Cisco ASA 5510. Now how can I communicate these networks?

The IP details are as under:

Location A Location B

172.17.17.x 172.17.16.x

255.255.0.0 255.255.0.0

Data Link IPs from ISP

10.152.7.46 10.152.6.46

10.152.7.45 DG 10.152.6.45 DG

255.0.0.0 255.0.0.0

Now, should we connect our two networks with same IP configuration or we need to reconfigure one subnet? Also please advise configuration scenarios.

Thanks in advance.

Regards,

Imran

shamax_1983 · ‎03-14-2014

You can do some fancy NAT'ing on both sides to overcome this situation.. But before going there, If possible, The best way to deal with your specific scenario is to change the subnet masks on both sides from 255.255.0.0 to 255.255.255.0. But before that, you have to make sure that SIte A's currently allocated IPs are only given out from the range 172.17.17.X and siteB's from 172.17.16.X and NOT from any other 172.17.X.X ranges... If you can confirm this, an If DHCP is used in each site, simply change the DHCP scopes to reflect the subnet mask change ( and probably get the users to reboot their PCs or release/renew DHCP through CLI if they know how to do that :)). After this you will have to change fixed Network settings (masks) on all servers to reflect the new mask. Also change Gateway IP addresses etc.

Depending on the set-up, you may need to change your NAT setting on the router to reflect the new subnet mask.

after that, you can set-up either dynamic routing or static routing with your ISP so two sites can communicate with each other..

Although this is a bit more involved, it will avoid lot of pain/confusion in the future compared to NAT method.. but of course if this change is not possible in your environment, let me know I can help you with the NAT setup.

imran.ipplf · ‎03-14-2014

Dear Shamax,

Many thanks for your prompt reply.

I can change my subnets as 172.16.x.x and 172.17.x.x with default subnet mask. we are also using some numbers from 3rd portion like 172.17.15.x/16 etc.

I had tried one scenario, I putted a connection coming from my ISP into my ASA 5510 Ethernet 0/2, (e0/0 is outside port and e0/1 is inside port). Renamed e0/2 as Datalink and gave an IP 10.152.7.46 to the port. Add a static route (select Interface = Datalink, Network = 172.16.0.0, Gateway = 10.152.7.45)

At the other location I connect the ISP data link into fa0/0 (IP is 10.152.6.46) of Cisco 2611 XM router. The other interface fa0/1 (IP is 172.16.1.1/16 ) connected with a laptop (a normal unmanageable switch is between router and laptop). The laptop is being configured with a IP of 172.16.1.5/16 and DG 172.16.1.1. Also a static route was added on the router which was:

Ip route 172.17.0.0 255.255.0.0 fa0/0

Now the results are:

From both locations I can ping data link IPs and gateways

From my ASA I can ping 172.16.1.1, but unable to ping 172.16.1.5

Unable to ping my ASA ports from 2611 XM Router.

Can you please sort out the issue for me??

Regards,

Imran

shamax_1983 · ‎03-14-2014

Hi Imarn,

I think you have two possible issues here..

First of all, As you mentioned before, you already have a 172.17.x.x 255.255.0.0 connected subnet in the 2611 XM router and you also added another static route,

ip route 172.17.0.0 255.255.0.0 fa0/0

So basically you have two routes one via Connected subnet and, the other one via the Static route... In this case your Connected subnet always wins,and static route will have no effect on the routing table.. you can verify this by checking your routing table yourself.

One way you can overide this is by putting a more specific route on the router, In your case, since you are using 172.17.17.x onsite A, instead of the route you added previously, add the following route

ip route 172.17.17.0 255.255.255.0 10.152.6.45

note that I am not specifying the outgoing interface.. instead use the IP address directly..

Now to test this proparly(from the Router or ASA), when you ping you need to speficy your source address so it will generate the ping with the source IP of 172.17.17.X(your ASA inside address)..

Otherwise it will pick up the outgoing IP address as the source IP.. in your case if you ping 172.16.1.5 (or 172.16.1.1) from ASA it will pick up the IP address 10.152.7.46 as its source IP address which will still reach the Router at site B, but it wouldn't know how to get back to that source IP address because you don't have routes in the router specifying 10.152.7.44/30 range.

BUT unfortunately by design, you can't specify source address/Interface on the ASA. But looking at your current subnetting plan, if you already have the above suggested static route configured on siteB, you shoule be able to ping the 172.16.1.5 or routers interface IP (172.16.1.1) without any issues.

If you ping site A from the host 172.16.1.5, this should work as well. If you want to ping SiteA from the router you need to specify the source IP address like so (which is allowed on routers with following command,

ping 172.17.17.X source fa0/1

Give it ago and let me know if any issues..

If this works, that means your routing works through the ISP, after this you can proceed to do the migration from 172.17.16.X to 172.16.X.X or 172.16.1.X which ever you prefer.

Hope this helps..

please rate helpful answers..