
Remote Office Connect Configuration Help


techshoot

Programmer
Aug 25, 2001
I have inherited an existing network setup connecting a Windows NT4 SP6a server with a remote office in another state across a T-1 line (also being used for voice). The server end is connected to the T-1 through a Cisco 2620 router to the remote location Cisco 2620 Router that simply connects to an unmanaged hub to the various (5) workstations. Data communications between sites is slow and sometimes interrupted. It appears from the Cisco configuration that I am using 4 (1-4) channels of the T-1 for data and 12 (13-24) for voice. We currently have no connection to the internet, except for individual dial-up accounts, and would like to have such access and am trying to figure the best approaches to solve the equation. In addition to this connection, it would also be desirable for traveling employees to access the network, probably via VPN.

One solution I had heard was to add a DSL connection to the system at the local network for internet access and VPN. This would require an additional router as the Cisco is full of expansion cards, but should be no problem. That could allow my remote office to do internet access via the T-1, but that is already slow, but providing a high bandwidth connection at the remote office would also provide a backup through the VPN in the event the T-1 went down, as it is at this moment. The only fly in this is not sure of what connections are available at the remote site as it is outside a small southern town which barely has cell phone connection.

Any help or opinions would be appreciated.
 
Is the T-1 terminating directly into the 2620, or is there a CSU/DSU attached which then hits the 2620 via a V.35 connection? In other words, where does the voice split off? Judging by the way you described the channel configuration, I'm assuming that it is a point-to-point T-1. 4 channels for data should give you 256K of continuous bandwidth for your remote access data. While it should be much faster than dial-up, you need to keep in mind that if you are doing any serious file transfer or database access across this type of connection, it will be extremely slow when compared to a minimum 10Meg and more likely 100Meg local network connection. Your plan should encompass what type of applications are going to pass what type of data across that pipe. If you attempt to conserve bandwidth within the pipe (i.e., Citrix, Terminal Services) while at the same time coming up with your plan to provide Internet access, you should do fine. Do you also plan to provide Internet access to the remote site through the existing data connection? Remember you have 512K left to expand in the T-1 if necessary.

If you do provide Internet access via DSL at the main site, you should know that the FCC mandates the service providers to make an initial response to trouble calls on T-1 or Frame Relay circuits within 1 hour and DSL within 3 business days. Don't put anything mission critical on DSL. It is much more likely to go down than your T-1. In either case, if you do provide Internet access you'll need to be sure to firewall it. This gives you an opportunity to do the VPN efficiently. I suggest using a Cisco Pix 506 or 515 for the firewall box. They are reasonably priced and will provide you with a great VPN solution as well. I figure if you already have the 2620's you might as well do the next step right and remain Cisco.

I have 2-2620's between remote sites passing IP Voice and Data, 1-1720 Internet Router passing into a Pix 515R then to a Cisco 2924 Data Switch. I work remotely through VPN and even hang an IP phone off my cable modem to become a regular extension of the Company PBX. It all works beautifully. If you need more specifics, reply with your e-mail and maybe we can Visio the solution up together.

JBroyles
 
The T-1 terminates directly to the 2620, but there is a remote dial-up router that connects to the CSU/DSU port for the company president to use (which will go away after the DSL). The primary usage of the T-1 data lines is for the ERP database application (Visual Manufacturing using SQLBase), which is why even 256K is not enough. Is it simply a case of changing the router configs from 1-4 to 1-(up to 12) to increase the bandwidth? The voice lines are just fine and have no need to be expanded. I would assume to change this I can telnet to the remote and make the modifications and then telnet to the local to match them.

The DSL will be for user remote access (from home, etc.) and is not for mission critical, although it would give the remote office another path to the network should the T-1 go down (which it did for two days on Sept 11 & 12). The DSL provider has assured me that VPN will be no problem and they would give me two static IP addresses, one for internet and the other for VPN. I will check out the Cisco units you mentioned. I have already checked out the Linksys and they appear to be pretty good, but for a few more bucks I would opt for Cisco.

Thanks
 
Aside from the configs in the routers, you need to confirm with your T-1 provider the bandwidth you have purchased. If you indeed pay for the full T-1, the router configs are straightforward and you can update them by telnet; just remember to write mem when you are done and expect your connection to get dropped when it reloads the config. Please stay away from the Linksys stuff in a business environment. It really is not designed to handle what you're looking for and definitely won't provide the security you need. Even if it's not mission critical, the Pix will take care of both your security and truly secure VPN issues. Cisco is big on an end-to-end solution. It's not just marketing bunk. You should be using their VPN Client with their Firewall. It is truly unbeatable.
 
I will be changing the T-1 config shortly as we pay for the full T-1. I have been checking out the Cisco options, as that is the current type of routers we have, but have become confused as to what to use. I looked over the Pix units and cannot seem to determine if they will do the routing I need (NAT, etc.) but of course do the firewall. I then looked at the 827 DSL router, which will do all the routing, but it was not clear if the IOS firewall is included or a separate adder. There is a big difference in price, with the 506 Pix going for $1500, the 515 Pix for $2500 to $9500, while the 827 is going for $700. If I go with the 506 Pix, do I need the 827 router as well?

Thanks for the help!
 
Sorry I didn't mention this before. You still need a router for the internet traffic. The Pix does NO routing. I know that sounds like it's missing a feature, but actually that is its strength. Stay away from the IOS firewall software in the 827 (or any other router). The best rule to use is to let the router do the routing and the firewall do the firewalling. Using the IOS software is appealing at first financially, but once you start talking VPN and hosting public IPs, those machines get overwhelmed quickly, especially the baby 827 :). It's actually a great little router. I use the 1720 for my internet router. If you forward me an e-mail address, I'll send you a copy of my latest WAN drawing in PDF form so you can get some more ideas.
 