 Necrofuzzy
join:2009-06-30
| simple point to point 1841 to 1841 through a T1
Hello, my coworkers and I are very new to this, but here is our situation.
We have a T1 line running from our current office to a remote site. We have 2 Cisco 1841 routers, one to connect on each side. We use an NT domain and assign IP addresses dynamically on the office side. We would like to assign the addresses from the same DHCP server to the remote site. But first we need specific instructions on how to set up both routers. We have tried using SDM Express but haven't had much luck. |
|
  rsaturns
join:2004-12-06 Portland, OR
1 edit | Basically you need to take the following steps.
Set up the serial interface on each 1841. If this is a true private point-to-point link you can use whatever IP address you want; I highly recommend a /30 so as to save address space.
Once you can ping across the T1 you'll need to make sure that the network on the Corp side of the link is aware of the network on the far side, aka a route either statically assigned or using some sort of dynamic routing protocol.
Next, set up your Fast Ethernet interface on the remote site with the network subnet of your choosing; make sure again that from Corp you can reach that side of the far router.
Set up an IP helper *address* on that Fast Ethernet interface and point it to your DHCP server back at Corp.
Make sure Corp has a scope for this remote network.
That's the process in a nutshell, with a lot of detail omitted.
Edited to say ip helper address not interface.
-- »vinfotech.blogspot.com |
|
 Necrofuzzy
join:2009-06-30 | What is an IP helper interface? Is it something we can do with SDM? (sad) That's what we're trying to set it up with. We're noobs. |
|
  rsaturns
join:2004-12-06 Portland, OR | Edited above post; it should be address, not interface. -- »vinfotech.blogspot.com |
|
 Necrofuzzy
join:2009-06-30
2 edits | reply to Necrofuzzy OK, here is the problem we are having now.
A PC with a static IP of 192.168.200.20 is connected to:
router remote side
----------------------
Remote site fastethernet ip = 192.168.200.1
remote site serialT1 ip = 10.10.52.2
corporate site serialT1 = 10.10.52.1
corporate site fastethernet ip = 131.107.15.5
That is plugged into our main network, which is 131.107.x.x.
Our DHCP server is 131.107.1.14.
Our domain server is 131.107.1.5.
From the remote site we can ping 131.107.15.5 but not the rest of the network.
??? Any ideas why? |
|
  rsaturns
join:2004-12-06 Portland, OR
| I would suspect routing. Does the Corporate site network know how to route back to the 192.168.200 network? You can ping the 131.107.15.5 because that router knows about the 192.168.200 network because I assume you assigned it a static route.
You would need to tell the router in the 131.107.x.x how to route back to the 192.168.200 network. -- »vinfotech.blogspot.com |
|
  carp
join:2002-10-30 clubs:
·RoadRunner Cable
1 edit | reply to Necrofuzzy remote site router should have statement:
ip route 0.0.0.0 0.0.0.0 10.10.52.1
corp:
ip route 192.168.200.0 255.255.255.0(or your actual mask) 10.10.52.2
make sure the other devices on 131.107.1.5 have the correct default gateway or the default gateway they point to has correct routing for the rest of the network.
or post your router configurations. |
|
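The return-path problem rsaturns and carp describe above, modeled as an added example (not part of any post in this thread): a hop-by-hop packet walk over the routing tables shows why the remote PC reaches 131.107.15.5 but not the hosts behind it, and why the DHCP server's reply to the helper address gets lost the same way. The corp default gateway 131.107.0.1 and the DHCP server's default route are assumptions, and NAT is ignored.

```python
import ipaddress

# Router tables follow the configs posted in this thread. The corp gateway
# 131.107.0.1 and the server's default route to it are ASSUMED for illustration.
TABLES = {
    "remote-pc": [("192.168.200.0/24", "connected"), ("0.0.0.0/0", "192.168.200.1")],
    "remote-router": [("192.168.200.0/24", "connected"), ("10.10.52.0/30", "connected"),
                      ("0.0.0.0/0", "10.10.52.1")],
    "corp-router": [("131.107.0.0/16", "connected"), ("10.10.52.0/30", "connected"),
                    ("192.168.200.0/24", "10.10.52.2")],
    "dhcp-server": [("131.107.0.0/16", "connected"), ("0.0.0.0/0", "131.107.0.1")],
    "corp-gateway": [("131.107.0.0/16", "connected")],  # no route to the remote LAN
}
OWNER = {"192.168.200.20": "remote-pc", "192.168.200.1": "remote-router",
         "10.10.52.2": "remote-router", "10.10.52.1": "corp-router",
         "131.107.15.5": "corp-router", "131.107.1.14": "dhcp-server",
         "131.107.0.1": "corp-gateway"}

def next_hop(table, dst):
    """Longest-prefix match: return 'connected', a next-hop IP, or None."""
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src_ip, dst_ip):
    """Walk from src toward dst; return (delivered, node where the walk ended)."""
    node = OWNER[src_ip]
    for _ in range(16):  # hop limit guards against routing loops
        if OWNER.get(dst_ip) == node:
            return True, node
        hop = next_hop(tables[node], dst_ip)
        target = dst_ip if hop == "connected" else hop
        if target not in OWNER:  # also true when hop is None (no route)
            return False, node
        node = OWNER[target]
    return False, node

def ping(tables, src_ip, dst_ip):
    """A ping succeeds only if the request AND the reply are both routable."""
    ok, node = trace(tables, src_ip, dst_ip)
    if not ok:
        return False, "request dropped at " + node
    ok, node = trace(tables, dst_ip, src_ip)
    return (True, "ok") if ok else (False, "reply dropped at " + node)

def with_return_route(tables):
    """Copy of the tables with the return route added on the assumed gateway."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed["corp-gateway"].append(("192.168.200.0/24", "131.107.15.5"))
    return fixed
```

With the original tables the request arrives but the reply dies at the gateway that has no route for 192.168.200.0/24; `with_return_route` models the fix on the corporate side.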
 Necrofuzzy
join:2009-06-30
| reply to Necrofuzzy Here are my configuration files, as we have yet to get this right.
REMOTE SIDE
------------------------------------
Current configuration : 3330 bytes
!
! Last configuration change at 09:12:30 PCTime Mon Jul 6 2009 by buddha
! NVRAM config last updated at 14:24:17 PCTime Wed Jul 1 2009 by buddha
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ema2gsv
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$DH.o$FTjatYmUUyVIDUIPeLvBE/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain name mcc
!
username buddha privilege 15 secret 5 $1$lI7B$3ndLe94EF02YErpwx5sM4/
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.200.1 255.255.255.0
 ip helper-address 131.107.1.14
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 description $ES_WAN$$FW_OUTSIDE$
 ip address 10.10.52.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.52.1 permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Serial0/0/0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.200.0 0.0.0.255
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end
CORP SIDE
----------------------------------------------------------
Current configuration : 1980 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gsv@ema
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
ip domain name mcc
!
username buddha privilege 15 secret 5 $1$l9TE$dGB/kZA79E7NgqLZyxmtR1
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$
 ip address 131.107.15.5 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.10.52.1 255.255.255.252
 service-module t1 clock source internal
!
ip classless
ip route 192.168.200.0 255.255.255.0 10.10.52.2 permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device. This feature requires the one-time use of the username "cisco" with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI. Here are the Cisco IOS commands.
username privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START GUIDE for your router or go to »www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
end
Like I said, we are complete noobs at this. Hope you can help us with this. |
|
 Necrofuzzy
join:2009-06-30 | reply to Necrofuzzy I posted my configurations. Is there no hope for us? We are getting desperate as the deadline grows near. If there is anything we can provide other than this that will help identify what we are doing wrong, just ask. |
|
 aryoba Premium,MVM join:2002-08-22 | reply to Necrofuzzy 1. Is there a reason why the remote office router does NAT?
2. Why do you want the route on the corp router to reach the remote office to be permanent? |
|
 Necrofuzzy
join:2009-06-30
| reply to Necrofuzzy Well, like I said, we really are new to this. And why would we not want the connection to be permanent? It's a direct T1, doesn't go through the internet. Its purpose is to have the remote office connect to our servers and log into our domain. Should we not make it permanent? If not, please tell why? |
|
 Necrofuzzy
join:2009-06-30
| reply to Necrofuzzy We turned off the NAT on the remote side. Don't know why we had it on in the first place. From corp we can ping the router and a machine connected to the router via a switch. But from the remote machine we cannot ping or communicate with the network that is connected to the router on the corporate side, even though they have the same settings, i.e. next hop for the remote router is 10.10.52.1 (internal) and a route from 131.107.15.5 (the corp router) for a network here at corp is 131.107.0.0 255.255.0.0 has been added.
And here on the corp side the next hop is 10.10.52.2 (internal) and a route from 192.168.200.1 (remote router), and that route = 192.168.200.0 255.255.255.0 to 131.107.15.5 |
|
  carp
join:2002-10-30 clubs:
·RoadRunner Cable
3 edits | reply to Necrofuzzy
That makes no sense to me. With NAT removed from the configs you posted I'm not seeing anything jump out at me as to why you are having an issue unless it's something outside of these two routers assuming the current config of the routers is correct based on the rest of the corporate network.
Are you sure the mask you used for 131.107 on the corp router is correct? Based on the mask you used you are telling the router that all of 131.107.x.x is the same segment. No other segments handled by other routers. I see you have 131.107.15.5 as the IP address on the router at corp but you also have a helper of 131.107.1.14 on the remote. Are 131.107.15 and 131.107.1 really separate IP segments? If so, there is work to do on the corporate side of your network. |
|