
T1 CSU/DSU to switch


RadioX

IS-IT--Management
May 15, 2001
145
US
Is it possible to run a T1 CSU/DSU to a switch? Here is my scenario.

I have a guy in the building next to us who wants a T1 connection from our backbone. We were going to do this via a wireless connection. I was going to put a wireless bridge in the building next door and connect it to a hub and put a wireless bridge in my building and connect it to my switch. Is it then possible to take this guy's T1 interface and plug it into the hub and then plug it into a T1 interface on my side? If not, then how would I go about getting this guy access? He wants his own router so that he can set up a VPN.

Thanks
Ron
 
Ron- you are talking apples and oranges.. dried oranges at this point ;-)

T1 is a signaling specification.. the DSU/CSU is the "converter" which can "convert" from the T1 signaling to something called V.35 which is another type of serial interface. The serial interface on a router can convert this V.35 to something the network can use.

Now.. I skipped A LOT here.. there are all sorts of mutations of equipment where the V.35 may be integrated into a "normal" RS-232 pin out and so on. Companies like BlackBox make lots of money providing creative interfaces for this sort of thing.

And no, plugging the T1 into a hub won't work.. even though they have the same RJ45 jacks.

Why a T1 from your backbone? Even the slowest 10baseT network is still 10Mbps vs. the T's 1.544Mbps. If you want to limit the bandwidth, there are options via software in the router or hardware like the Packeteer (spelling?).

MikeS
Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Mike,

Thanks for the response. Here is what I am trying to do with this. The building next door wants internet access. So to make a little to cover our overhead on bandwidth we agreed to provide it to them. I am doing this with a wireless connection from building to building. The regular people who just want access are just fine. I'll just jack them into the switch in the phone closet that is connected to the wireless bridge. Assign them some IPs and they will be on their way.

Well, this guy is a special case. He wants to do a VPN with his home office. Now I am not familiar with VPNs and am actually just starting to look at them, so they are a new experience for me. But basically he wants a router in his office to do this VPN with. Is there another way he can do this without the router or with different interfaces on the router (i.e. 2 Ethernet interfaces), since I am not going to be able to get around this with my configuration?

Thanks for all your help

Ron
 
Hey- don't forget about the distance you're dealing with on a wireless connection. Even Bluetooth isn't 100% effective (which I doubt you're working with) if you're a distance away. Are we talking the kind of distance you get in New York- a hundred feet from wall to wall?

If you're planning to actively limit the bandwidth the other building gets, you should set up a single sender and receiver and find out exactly how much bandwidth is getting there. And depending on the stuff in between the walls, and the prevalence of frequency interference (don't deny it- it happens) you might not need to limit him anyway.

Maybe this doesn't help you at all, but the 'call was free' so to speak, and you might appreciate my two cents.

-Mac
 
The bad news is I'm not well versed in VPNs (yet).. so I can only suggest you find someone who is well versed in the world of VPN. I will offer up this, that VPNs are a pain in the butt to get going and keep going. The clients tend to be problematic and do not play well with others. Not to say they don't work, they can.. it's just a pain at times.

We had a VPN client from our *old* ISP (before they dot-bombed) which was Windows only.. actually 95-98 ONLY.. no 2K, no ME, no Mac etc.. and then it tried to take over the IP stack completely. We had to use a 3rd party "switch" software to redo the stack each time the user wanted to get out of the VPN and go back to their cable/DSL connection. It also had several large security holes. It used a public network to gain access to the VPN server.. but it left this connection open while it maintained the VPN connection.. so there was an "open doorway" from the internet to the VPN through the desktop. If something bad happened via the internet (hacker, trojan etc.) it had access to the supposedly secure VPN. Bad idea!!!

Just something to look for

MikeS
Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
I've worked a bit with VPNs, so here's my two cents worth:

There are two standard ways of doing this using a VPN router (i.e. Nortel Contivity or Cisco 800) - the first way assumes that you already have a firewall in place. In this case, you place your VPN box on the same (interior) LAN segment that the firewall is on. You set the VPN box to allow users to access only the segment(s) you want - in this case you probably only want to allow connections to the subnet connected to the building next door (the segment the hosts are on). Logins can either be authenticated by the VPN box, the Domain Controller (if you're using NT) or both. Remember that remote clients connect to their local ISP first, and then establish a connection with the VPN box (via your ISP) using the IP address of the VPN box. Once a connection is established, the remote host is assigned an IP address on the local subnet (i.e. the building across the street). You will need to decide which tunneling protocol to use (i.e. IPSEC, PPTP), and you may need VPN Client software as well.

The second way is to use the VPN box as a firewall - in this case you put it between your Internet router & your internal router (in the DMZ). This way is more complicated because you generally have to allow limited access to all subnets in order for Internet access to work, but you can still set it up so that VPN access is limited to a single subnet.

Either way I recommend using access lists on your router so that hosts on the subnet next door cannot access your own internal subnets.

The last point I want to make is about limiting bandwidth. You cannot easily limit the bandwidth used by the VPN connection without affecting general Internet traffic, but you may be able to limit the bandwidth used on the segment connecting your network to the building next door. This can be done either using the policy-map command (on ethernet segments) or with bandwidth/clockrate on point-to-point serial connections.

I hope this helps!
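
The access-list recommendation in the post above, as an added example that is not part of the original thread: a small first-match evaluator for IOS-style extended ACL lines, used to check that hosts next door cannot reach internal subnets before the list goes on a router. The subnets (192.168.50.0/24 for the building next door, 10.0.0.0/8 internal) and both sample ACLs are constructed assumptions.

```python
import ipaddress

# Constructed sample ACLs (IOS extended-ACL style), assumed to be applied
# inbound on the interface facing the building next door. Assumed addressing:
# 192.168.50.0/24 = building next door, 10.0.0.0/8 = our internal subnets.
GOOD_ACL = """
deny   ip 192.168.50.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.50.0 0.0.0.255 any
"""
# Same two lines in the wrong order: the permit shadows the deny.
BAD_ACL = """
permit ip 192.168.50.0 0.0.0.255 any
deny   ip 192.168.50.0 0.0.0.255 10.0.0.0 0.255.255.255
"""

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return [(action, src, dst)]; src/dst are (base, wildcard) integer pairs."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        sides, tokens = [], iter(rest)
        for tok in tokens:
            if tok == "any":
                sides.append((0, 0xFFFFFFFF))
            elif tok == "host":
                sides.append((_ip(next(tokens)), 0))
            else:
                sides.append((_ip(tok), _ip(next(tokens))))
        if len(sides) != 2:
            raise ValueError(f"expected source and destination: {line!r}")
        rules.append((action, *sides))
    return rules

def _matches(addr, side):
    base, wildcard = side
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching line wins; falling off the end is the implicit deny."""
    for action, s, d in rules:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"

def leaks(rules, tenant_hosts, internal_hosts):
    """Tenant-to-internal flows the ACL would still permit."""
    return [(s, d) for s in tenant_hosts for d in internal_hosts
            if evaluate(rules, s, d) == "permit"]
```

Running `leaks()` over a draft list catches the ordering mistake in `BAD_ACL`, where Internet access works and the deny line never matches.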
 