cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor

NetVanta 3200 T1 Branch Office Internet Access

Jump to solution

I just recently install two NetVanta 3200 on both ends of a T1 to a branch office.  I have the ability to access production network from the branch office; however, I can't get out to the internet, which is accessed via the production network.  I can ping the gateway. 

I believe I have a routing loop since when I ping from the branch office, say to Google.com, I get a TTL expired in transit.

Here is some configuration and routing

Production Network: 10.20.0.0/16 - A SIDE

Branch Office Network: 172.21.1.0/24 - B SIDE

Router (A-Side)

eth0/1:      10.20.15.45/16

ppp1          10.10.10.1/30

Routing Table

A Side Table.gif

Router (B-Side

eth0/1:       172.21.1.0/24

ppp1;          10.10.10.2/30

B Side Table.gif

Any assistance would be great! 

Randy

Labels (1)
0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
Honored Contributor
Honored Contributor

Re: NetVanta 3200 T1 Branch Office Internet Access

Jump to solution

On your A-side production network, you have your default 0.0.0.0/0 route pointed back to the PPP1 interface.  This default route should have a next-hop of your NAT firewall connected out to your ISP.

You should also have a static route to 172.21.1.0/24 with a gateway of 10.10.10.2

On your B-side router all you really need is a default route pointing to 10.10.10.1 on the other end of the PPP link because it's the only link out to both Production and the Internet.

It's best practice generally to reference the other side IP address rather than the interface.

So, you should wind up with something like this as your only static routes:

A-Side Production:

Destination          Mask                       Next-hop

0.0.0.0                    0.0.0.0                    [inside IP of firewall - 10.20.5.2 perhaps?]

172.21.1.0          255.255.255.0         10.10.10.2

B-side Branch

0.0.0.0               0.0.0.0               10.10.10.1

You will also need to configure your NAT firewall with the 172.21.1.0 network having permission to NAT out to the Internet just as the 10.20.0.0 subnet does.  And you'll have to add a static route on the firewall like this so it can get back to the branch office:

172.21.1.0          255.255.255.0  [10.20.X.Y - interface IP of Production router]

View solution in original post

2 Replies
Highlighted
Honored Contributor
Honored Contributor

Re: NetVanta 3200 T1 Branch Office Internet Access

Jump to solution

On your A-side production network, you have your default 0.0.0.0/0 route pointed back to the PPP1 interface.  This default route should have a next-hop of your NAT firewall connected out to your ISP.

You should also have a static route to 172.21.1.0/24 with a gateway of 10.10.10.2

On your B-side router all you really need is a default route pointing to 10.10.10.1 on the other end of the PPP link because it's the only link out to both Production and the Internet.

It's best practice generally to reference the other side IP address rather than the interface.

So, you should wind up with something like this as your only static routes:

A-Side Production:

Destination          Mask                       Next-hop

0.0.0.0                    0.0.0.0                    [inside IP of firewall - 10.20.5.2 perhaps?]

172.21.1.0          255.255.255.0         10.10.10.2

B-side Branch

0.0.0.0               0.0.0.0               10.10.10.1

You will also need to configure your NAT firewall with the 172.21.1.0 network having permission to NAT out to the Internet just as the 10.20.0.0 subnet does.  And you'll have to add a static route on the firewall like this so it can get back to the branch office:

172.21.1.0          255.255.255.0  [10.20.X.Y - interface IP of Production router]

View solution in original post

Highlighted
New Contributor

Re: NetVanta 3200 T1 Branch Office Internet Access

Jump to solution

jayh,

Thank you for the information.  I was over-thinking the problem and creating bigger problem for myself.  I used your input and I now have everything talking and my branch office is now on the internet.

Thank you very much!!!!!!

0 Kudos
Reply