Announcement

Collapse
No announcement yet.

How do I centralize internet access from remote sites?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do I centralize internet access from remote sites?

    Hello,
    I have 2 sites with Cisco 1841 routers and a TLS line connecting the two sites together; each site has its own subnet. We send data and VoIP through the TLS now with no problems. However, I am trying to centralize the internet access from the remote site back to the main site to enforce internet traffic rules that are set at the main site. Each end of the TLS line has a static IP: Main 192.168.1.0 and Remote 192.168.1.1. At the remote site I tried to tell the router to send all the 0.0.0.0 traffic to 192.168.1.0, but that didnít work. I also tried telling it to send the traffic to the Main sites router and gateway ip addresses but neither worked. When I did a trace it looks like it doesnít know what to do with the package once it reaches the 192.168.1.0 in all the attempts I made. What am I doing wrong?
    Thank you for your help,
    Chad

  • #2
    Re: How do I centralize internet access from remote sites?

    A gateway address or route to another network has to be "pointed" to a directly connected interface or network. For example: router 2 has Ethernet interface address of 192.168.2.1 and Serial interface address of 10.1.1.2, you want all traffic to go through router 1 which has Ethernet interface address of 192.168.1.1 and Serial interface address of 10.1.1.1. To route all traffic from router 2 through router 1 you have to tell router 2 to route all traffic to network 0.0.0.0 through the serial interface or tell it to route all traffic for network 0.0.0.0 through 10.1.1.1.

    In other words, set the default gateway on router 2 to be the Serial interface on router 2 or set it to be the ip address of the Serial interface on router 1.

    Comment


    • #3
      Re: How do I centralize internet access from remote sites?

      Thank you for the reply. I am still not having any success. When I point the remote office 0.0.0.0 traffic to the main office gateway 192.168.100.254 it gets stopped at 192.168.1.1.
      Last edited by Chad; 16th April 2009, 01:02.

      Comment


      • #4
        Re: How do I centralize internet access from remote sites?

        OK, I'm not a Cisco engineer so bear with me.

        What type of circuit connects the two offices? You mentioned a TLS line. What is that? Is that transport layer security? Is it a branch-to-branch VPN connection?

        You should make the default route on the remote office router the ip address of the "external" or "near end" of the main office router, which is 192.168.1.1, which is also the directly connected interface.

        Your route statement is trying to make a route to the ip address of the "internal" or "far end" interface on the main office router. You're trying to make your default gateway through the main office router, when you should be making it to the main office router. This won't work. Think of it this way: You have multiple internal networks at each office. The connection between the routers is another separate "external" network. You're trying to make a connection between the two sets of internal networks without going through the "external" network. Again, this won't work.

        You could also try making the default gateway on the remote office router the FastEthernet0/0 interface. Something like this:

        ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.

        Comment


        • #5
          Re: How do I centralize internet access from remote sites?

          TLS is a Transparent LAN Service. http://en.wikipedia.org/wiki/Transparent_LAN_Service

          I had also tried the near endpoint address of the tunnel. Here are the ones I have tried and when I trace the route they all stop at 192.168.1.1, which is the near point on the main office TLS line.

          192.168.1.1 - Near point TLS point
          192.168.100.252 - main office router
          192.168.100.254 - main office gateway

          Thanks again.

          Comment


          • #6
            Re: How do I centralize internet access from remote sites?

            I'm not sure what's going on at this point. It sure seems like it's a routing issue. Try this: install a packet sniffer on a host in the remote office, then start the packet sniffer and ping or trace route to www.google.com. Look for ICMP redirect packets in the sniffer. If you get any ICMP redirects they are going to come from one of the routers. When you look at the details of the packet you'll see the router that generated the redirect and you'll see the ip address of the router it is redirecting the host to. This might give you an idea of where the routing is going wrong.

            An ICMP redirect is a routers way of telling the host that it should take a path other than through the router that generated the redirect.

            Comment


            • #7
              Re: How do I centralize internet access from remote sites?

              So I figured it out. I was forwarding it to the correct spot but I also had to setup my Sonicwall gateway to know the route.

              Comment


              • #8
                Re: How do I centralize internet access from remote sites?

                How'd you figure it out? Did the ICMP redirects help? Please post your findings as they may help others here.

                Comment

                Working...
                X