URGENT PROBLEM – ENABLING INTERNET ACCESS THRU VARIOUS SUBNETS IN A WAN CONFIGURATION
Hello All, I have a problem currently with my current WAN setup accessing the internet. Pls help!

Configuration:
4 locations connected via ADSL Leased Circuits in a WAN Setup
Internet Access via cable modem connected to Netgear wireless router in 10.10.10.0 subnet
NO DHCP Server running in WAN

HQ config:
Subnet: 10.10.10.0/255.255.255.0
SQL Application Svr (Win2003svr): 10.10.10.1/255.255.255.0
Cisco ADSL 837 w/4-port switch Router: 10.10.10.100/255.255.255.0
Firewall disabled
DHCP/NAT disabled
(downlinked connection to Netgear router)
Netgear WGR614 Wireless Router w/4-port switch: 10.10.10.50/255.255.255.0
Firewall Disabled
DHCP/NAT Disabled
(cable modem connected to WAN port and uplinked connection to Cisco router)

*** All PCs/Clients work perfectly fine connecting to SQL Svr, Cisco/Netgear routers. In short, NO Problems on this network and can ping all routers/clients in the WAN. Internet access is also ok in this network.

Added route on all clients in this network and it worked perfectly thereafter for this HQ Subnet.
route -p add 10.10.1.0 mask 255.255.255.0 10.10.10.100
route -p add 10.10.2.0 mask 255.255.255.0 10.10.10.100
route -p add 10.10.3.0 mask 255.255.255.0 10.10.10.100
route -p add 10.10.10.0 mask 255.255.255.0 10.10.10.100

Site A config:
Subnet: 10.10.1.0/255.255.255.0
Siemens Speedstream ADSL Router w/4-port switch Router: 10.10.1.100/255.255.255.0
Firewall disabled
DHCP/NAT disabled

Added route on all clients in this subnet.
route -p add 10.10.10.0 mask 255.255.255.0 10.10.1.100
route -p add 10.10.1.0 mask 255.255.255.0 10.10.1.100
route -p add 10.10.2.0 mask 255.255.255.0 10.10.1.100
route -p add 10.10.3.0 mask 255.255.255.0 10.10.1.100

*** All PCs/Clients work perfectly fine connecting to HQ's SQL Svr. Can Ping all routers (including Netgear) in the WAN. BUT CANNOT ACCESS THE INTERNET!!!!!

**** SAME PROBLEM ON BOTH SITE B & C WITH THEIR DETAILS BELOW IDENTICAL TO SITE A.
ALL REMOTE SITES CANNOT ACCESS INTERNET CONNECTED IN THE HQ SUBNET THRU CABLE TO THE NETGEAR ROUTER.

Site B config:
Subnet: 10.10.2.0/255.255.255.0
Siemens Speedstream ADSL Router w/4-port switch Router: 10.10.2.100/255.255.255.0
Firewall disabled
DHCP/NAT disabled

Site C config:
Subnet: 10.10.3.0/255.255.255.0
Siemens Speedstream ADSL Router w/4-port switch Router: 10.10.3.100/255.255.255.0
Firewall disabled
DHCP/NAT disabled

*** ALL REMOTE SITES CAN ACCESS SQL SERVER AND CAN PING/REMOTE MANAGE THE NETGEAR ROUTER AT 10.10.10.50.

ASKED: May 29, 2006  12:06 AM
UPDATED: May 30, 2006  12:05 PM

Answer Wiki:
Hi YNWAJLEE, You can't access Internet having private IPs and disabling NAT - these IPs are not routable :o(( So, enable NAT on both sites, and don't forget to set default routes (according to the syntax of your router OS). BR and good luck Petko
Last Wiki Answer Submitted:  May 29, 2006  11:19 am  by  petkoa   3,120 pts.
All Answer Wiki Contributors:  petkoa   3,120 pts.


Discuss This Question:


 

First of all, I didn't see a default route on the remote side. It may be there but...

You'll need two. One for the clients pointing to the remote Netgear and one on the Netgear pointing to HQ.

Since the remote clients can get to the SQL server the routes at HQ back to the remote client subnets must be okay.

If you have the default routes on the remote side – or if you put them there and things still don't work – try a traceroute to an Internet address and see where you are getting to and where you are being dropped.

I'm not real familiar with the Netgears but there may be an issue with NAT'ing traffic that is not coming from its own internal side. On a PIX you would need to configure either to allow everything to be NAT'd or each individual network/host that you want NAT'd. The Netgear may be the same way.

Good Luck!

 0 pts.
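The two points raised in the Answer Wiki and in the reply above (a remote client needs a default route, and RFC 1918 sources need NAT before reaching the Internet), as an added example that is not part of the original thread. The client address 10.10.1.25, the documentation address 198.51.100.7 standing in for an Internet host, and the assumption that a Site A client holds only the routes listed in the question are constructed for illustration.

```python
import ipaddress

# Site A client routes exactly as listed in the question: (destination, gateway).
SITE_A_ROUTES = [
    ("10.10.10.0/24", "10.10.1.100"),
    ("10.10.1.0/24", "10.10.1.100"),
    ("10.10.2.0/24", "10.10.1.100"),
    ("10.10.3.0/24", "10.10.1.100"),
]
# Assumed fix discussed in the replies: a default route via the site router.
DEFAULT_ROUTE = ("0.0.0.0/0", "10.10.1.100")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address):
    """True if the address is in one of the private (non-routable) ranges."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in RFC1918)


def next_hop(routes, dest):
    """Longest-prefix match: return the gateway for dest, or None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def diagnose(routes, source, dest):
    """Return a one-line verdict for a packet from source to dest."""
    hop = next_hop(routes, dest)
    if hop is None:
        return "dropped at client: no matching route"
    if is_rfc1918(source) and not is_rfc1918(dest):
        return f"forwarded to {hop}; NAT required at the Internet edge"
    return f"forwarded to {hop}"


if __name__ == "__main__":
    for table in (SITE_A_ROUTES, SITE_A_ROUTES + [DEFAULT_ROUTE]):
        for dest in ("10.10.10.50", "198.51.100.7"):
            print(dest, "->", diagnose(table, "10.10.1.25", dest))
```

The model covers only the client's own lookup and the address class of the source; every router along the path, and the return path from the NAT device, needs the same check.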

 

Your write-up is insufficient to completely diagnose, but it looks like the subnet settings
are messed up. You are suggesting that you have four physical nets with one logical
setup. You need to include the default gateway information for each device.

If you are going to configure each machine by hand, OK, but it would be easier to use DHCP with NAT enabled at your gateway to control what IPs get assigned down to the individual systems.
Customarily, a default gateway is set at the first usable IP,
(Example. Net 10.10.10.0/24 (this is CIDR notation))
Gateway 10.10.10.1 and zero is not used
Subnet mask 255.255.255.0
Other devices 10.10.10.10-254

This arrangement will not route in most cases across a formal router running any exterior oriented protocols, i.e., BGP, OSPF, etc. and to get the physical segments to propagate you may need to set up logical subnets, i.e.,

(Example. Net 10.10.10.0/26
Gateway 10.10.10.1 Gateway out of your control to ISP
Other devices 10.10.10.2 – 62
Subnet mask 255.255.255.192

Gateway to subnet above 10.10.10.65
Other devices 10.10.10.65 – 126
Subnet mask 255.255.255.192

Gateway to subnet above 10.10.10.65
Other devices 10.10.10.129 – 190
Subnet mask 255.255.255.192

Gateway to subnet above 10.10.10.65
Other devices 10.10.10.193
Subnet mask 255.255.255.192

That gets four subnets that are aware of each other. The missing IP number as for proper subnet communication on their segments. Also you need to check your hosts files for entries which can cause problems.

George

 0 pts.

 

I agree with the first response. Since you are using private addresses you will have to use NAT somewhere to access the internet. Do you want each remote location to access the internet directly? If so you will have to NAT at every location.
I also noticed you have the firewall turned off at each location. This is fine as long as the systems don’t communicate with the internet. As soon as you fix the internet access problem you should turn on firewalling and configure rules to only allow the traffic you want.
rt

 0 pts.