Internet Related/Filtering/Firewall Thread, As the dust settles I need some help in Technical; Ok, after 2 days of having a major headache with talktalk, i finally know where i stand with this however ...
12th April 2013, 06:19 PM #1
As the dust settles I need some help
Ok, after 2 days of having a major headache with talktalk, i finally know where i stand with this however i would like to use the equipment i originally had and need some help... please bear with me.
Tuesday of this week everything was working fine and we could send and receive emails, provide external file access via HAP, use my cisco 1941 router, etc. Everything was a normal. Someone decided it would be a good idea to move our line rental for our broadband to talktalk. We were originally with Nildram (all those many moons ago) with a multilink (bonded ADSL) connection, who got taken over by opal, who then got taken over by tiscali. Anyway, after 10 years of things working correctly and smoothly and im going to hold my hand up, i didnt know how things were routed with the cisco 2600xm router as there was no paperwork or nothing was documented.
The time came to get a new router, i bought the cisco 1941 as it supported the dual adsl connection. I set it up by copying the config from the 2600xm and to my amazement things worked as they should.
A couple of years later (present time) we decide to change our line rental to talktalk... in hindsight.. a bad move but hopefully a better move in the future. This is where the fun starts.
I spoke to our account manager at talktalk who said that we could still have our multilink lines, keep our external IP ranges (a bank of 8 addresses) and still use our cisco 1941 router. I got my new username and password for my lines, however i found out that i had 2 username and passwords... which started the alarm bells ringing... why do i need 2 logins when i have a multilink line??? So i spoke to talktalk and they said that yep you just need to input the usernames and passwords into your box and away you go.... WELL... after a few phone calls later, i found out i had been given duff info from the start when really moving from a tiscali network to a talktalk network i cannot have a multilink line and i cannot keep my 8 IP addresses so the option now is to get ADSL fibre as my connection will be halfed, now down to 8meg. I spoke to my account manager at talktalk and said, pencil me in for the 18th April for fibre to be installed and i shall confirm that i want the fibre upgrade in the morning. I thought.. fine, yep, thats great. I went ahead and changed the username and password of the PPP chap details in the cisco 1941 router.
Things did not work from here and still dont continue to work 100%... where to start, this could get complecated.
The Cisco router would not route the internet connection to my smoothwall. The Cisco router was talking to the ISP without any problems as i could ping everything on the net via the router so i was obviously getting an IP from talktalk but since they had deleted/remove the bank of 8 IPs i initially had, of which the gigabitethernet0/1 port on the router had an address of 84.X.X.X 255.255.255.248 and the smoothie had an address of 84.X.X.X 255.255.255.248 which meant i could VPN into work. The exchange server / external email access was at 84.X.x.X 255.255.255.248 (configured on the smoothie) and external file access was at 84.X.X.X 255.255.255.248 (configured on the smoothie). I tried my best to try and get things to talk but now the pressure was on as i didnt have any internet access or email access.
The following day things clicked. I realised that talktalk had delete pretty much everything of my existing connection, so off to work i went with my home router to use at work. Plugged this in, set up the username and password and volah i have an internet connection that works but cannot receive emails or provide remote users with email or file access but can send emails. I thought since it was during the holidays things will be ok.. nope, how wrong was I? staff wanted to check their emails at which i said, sorry we are doing maintanence on our internet lines. I tried to get in contact with my account manager at talktalk who seems to have done a runner or is on holiday.
After trying to speak to my account manager i spoke to another account manager who made things a lot clearer and told me that what we had been given was false information.
Ive had to cancel my order for fibre so i can place an order for a bank of 4 IP addresses.
This is where i need your help.
I now have a bank of 4 public IP addresses with a /30 subnet (255.255.255.252). I have been told one of the IP addresses in the bank will be used to communicate between the router and the ISP. I plan to use one for the smoothie for a VPN connection, one for the exchange server and one for the external file access (HAP).
At the moment i have the crappy talktalk router talking to the smoothie... the crappy router local IP address is 192.168.X.X 255.255.255.0 and the smoothie on port 6 is configured 192.168.X.X 255.255.255.0.
Port 1 on the smoothwall is connected to the main switch and configured 172.X.X.X 255.255.248.0
How would i get my cisco 1941 router to be the main router here so i can get all my services working again? Well, at the moment, i would like the Cisco router to be able to provide an internet connection to the smoothie.
I have already emailed the domainadmin team and informed them of the IP to DNS change i need.
Would it help if i post an example of the config?
Last edited by ChrisH; 17th April 2013 at 01:42 PM.
IDG Tech News
12th April 2013, 06:47 PM #2
I think it would help if you could persuade the powers that be to get a provider that has a clue what they're doing - it's more than obvious that Talk Talk certainly do not - with or without the problems you're currently having! If they miss-sell a product they could end up in deep dishwater.
Wouldn't you just need to disable routing on your talktalk box with the clients pointed at your cisco box as the gateway (assuming there's no other routing in place)?
12th April 2013, 07:36 PM #3
I thought that too but i think its more budget reasons that we are going this talktalk, i mean the line hasn't really got any SLAs with it where a line which would give us 10meg sync with SLAs would cost about £260 pm.
The plan is to get rid of the talktalk box and run my cisco 1941 box as the router with the smoothie as the firewall. I dont think there is any other routing in place to be honest.
12th April 2013, 08:07 PM #4
I think i might know that i need to do..
OK, the static IP i get from my ISP which is one of the 4 public ones, would i be able configure the cisco router so that the gigabitethernet0/1 could have this IP address and then use IP ROUTE 172.16.24.0 255.255.248.0 gigabitethernet0/1 ???? Would that be ok? Even though dialer0 is using this address from the ISP?
Then use another one for the smoothie, one for the mail and one for the external file access??
15th April 2013, 11:06 AM #5
Ok, thats not worked, can anyone tell me how i route traffic from the ethernet interfaces on my router (cisco 1941) to the outside world please
15th April 2013, 02:10 PM #6
Have you been able to get the Cisco router to connect directly to the ADSL line and out onto the internet? Or is that where you are stuck?
Are you trying to route via a home DSL router into the Cisco then into Smoothwall? If that's the case I suspect you will have "fun" unless the cheap router does some form of port forwarding/Bridge mode so that the cisco box can handle the routing?
I think you have ADSL into the cisco router, in which case its down to what IPs talk talk are giving you? Is dialer0 on a different address range or are you needing to route across the 4 IPs you have. You might need to be creative with the subnet masks on the router.
15th April 2013, 02:28 PM #7
Are you sure those details are correct ?
Originally Posted by timbo343
That is only 2 usable address is it not ? A /30 subnet will 2 ^ 2 -2 = 2 addresses ie the only valid addresses are the second and third address in the range, the first is the network address and the last is the broadcast address.
A sanitised version of your config may help me picture your setup better.
Last edited by ChrisH; 15th April 2013 at 02:33 PM.
15th April 2013, 02:59 PM #8
That is what i have been given and it turns out is not correct, well its correct to a point... I HATE TALKTALK!!!!!!
They have put us on the most basic of basic connections.. FFS!!!!
They are going to setup my other line with 8 IPs and take it from there.
15th April 2013, 03:34 PM #9
Originally Posted by robk
I had the router connecting to the net so on the router i could ping all domains. I say had, ive broken that now but thats something im going to be looking at at 3pm
My head is spinning, i dont know what i need to do first and i cant remember what i did.
Will update this later on
15th April 2013, 05:15 PM #10
Ive finally got things working, im not sure what i did though but its just working now.. Just need talktalk to sort my IPs out.
16th April 2013, 08:16 PM #11
Well i take it back what i said about talktalk business. It turns out they have given me a bank of 8 new IP addresses along with an order of superfast broadband . Happy days. Just need to configure it all now .
16th April 2013, 11:01 PM #12
You hope it works.....
Originally Posted by timbo343
16th April 2013, 11:42 PM #13
Oh it will you cheeky git :P, ive configured it :P not somebody else , *cough*nycc*cough*
17th April 2013, 05:28 AM #14
Hi @timbo343 sounds like a complete nightmare, sorry to hear of the issues you have been having and glad it now seems to be panning out ok. Just a thought on your OP, in the past I have seen words of caution here on posting up IP address ranges in clear might be worth editing and substituting a few numbers with *s mate.
Thanks to speckytecky from:
timbo343 (17th April 2013)
17th April 2013, 06:17 AM #15
@speckytechy the ip addresses on the op are no longer in use with us and the dont point to anything, i have a complete new set of ip addresses as of last night which im not posting but thanks for the heads up. Maybe one of the mods @john could edit the op if i cant as i know after a cdrtain period the option to edit a post disappears.
Originally Posted by speckytecky
Thanks to timbo343 from:
speckytecky (17th April 2013)
By tudorcrisp in forum CLEO
Last Post: 24th March 2012, 08:05 PM
By luke240778 in forum Wireless Networks
Last Post: 26th July 2011, 12:16 AM
By meadowgirl in forum General Chat
Last Post: 30th September 2010, 04:17 PM
By SYSMAN_MK in forum Hardware
Last Post: 6th March 2008, 03:17 PM
By contink in forum General Chat
Last Post: 14th March 2007, 04:47 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)