One firewall with DMZ & no other equip needed. Netscreen 10 would work. Ext interface to router, Int interface to your LAN, DMZ to other LAN. This would give you firewall protection between all interfaces plus NAT. Around 3k.
The real problem will be...what to do with the leftover Cisco 1720 & T1. Saved enough to pay for the new firewall in 60days. Keith ----- Original Message ----- From: "Greg Page" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> Sent: Friday, September 28, 2001 10:40 PM Subject: RE: Router connection issue > The 1720's only support one WIC, so I think your only option is to get a > switch (catalyst 2912 comes to mind) where you can set VLANs up and hang > firewalls between the two companies. You get the connectivity with the > protection, but it will not be free. > > Greg > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 28, 2001 5:37 PM > To: NT System Admin Issues > Subject: RE: Router connection issue > > > > Basically, we have two fully functional networks, both with Cisco 1720 > routers. We want to keep the networks separate and only want to be able to > use a single T-1 instead of separate T-1s. Both routers and T-1 connections > are in the same wiring closet. What I would like to do is use some sort of > switch for both routers to plug into and from the switch, plug into the > single T-1. We originally had their network connected to our and had all > sorts of issues between our NT4 servers and their Win2K servers, which is > why they went with a separate router and T-1. > > HTH, > Pat > > Pat Marshall > Systems Administrator > Microsoft Certified Professional > Flying Rhinoceros > 1440 NW Overton Street > Portland, OR 97209 > (503) 552-8700 > (503) 221-7282 (Fax) > > > > > > Steven.Beckwith@lsa > > -assoc.com To: "NT System Admin > Issues" > > <[EMAIL PROTECTED]> > 09/28/01 02:01 PM cc: > > Please respond to Subject: RE: Router > connection issue > "NT System Admin > > Issues" > > > > > > > > > > I don't know what a white Russian is but it sounds good for a Friday. Don't > start a whole discussion on it - enough noise already. > > > 1) the T-1 is a digital line that connects to a CSU/DSU (serial connection) > on your router. As Jason points out, CSU's can be internal or external and > I suspect you have an internal WIC card similar to his set up which is why > there may be confusion. > > > Although you may have an RJ-45 connector and a regular patch cord (you could > actually use a regular phone line), it is NOT an ethernet type connection, > so only one router can host this connection (You could opt for a THIRD > router in your solution). > > > 2) you are also going to need to know about how many "real" (outside) IP > addresses you have and whether you intend to "share" them (NAT - Network > address translation) or whether you will "redirect" them (PAT - Port address > translation). > > > A few other questions come to mind. Is there any inbound traffic that needs > to be directed to a specific box (www, smtp) i.e. Do you or the other > company want to have exchange servers or web servers accessible from the > internet (in which case you will need dedicated static outside IP addresses > for each service) or do you both still get mail via pop3, (in which case > maybe you can get by with NAT). How many nodes each office, what types of > routers are these? > > > I like the idea of sharing resources to keep costs down, but I need to say > AMEN to the Firewalling suggestion, esp. to protect your network from theirs > and vice versa (as well as obviously - the outside). > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 28, 2001 1:30 PM > To: NT System Admin Issues > Subject: Router connection issue > > > > > > -----Original Message----- > From: Jason Morris [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 28, 2001 1:47 PM > To: NT System Admin Issues > Cc: '[EMAIL PROTECTED]' > Subject: RE: Router connection issue > > > > > > Where is the csu/dsu in your layout? You need one of them to talk from the > > t1 to the router. All of my routers were purchased with the WICT1-DSU built > in so I just terminate there. If you have an external csu like from Adtran > > you need the cable going from the csu to the router, depending on the > interface. > > > Here's what I would recommend to segment the networks from each other. Make > sure your router has 2 ethernet ports, set one port up on their network and > > the other on your network. Setup a loopback port and route anything going > from network A to network B to that loopback and vice versa, but anything > going to and from the Internet would be routed properly. > > > Also....it's really really really necessary to setup some sort of firewall. > > Perhaps that's where you can do your routing from network to internet. Setup > a Linux box with 3 NICs, 1 for each network and 1 for the internet router. > Setup the firewalling and away you go. > > > If you need more help, feel free to contact me directly. > Jason Morris CCDA CCNP > Network Administrator > MJMC, Inc. > 708-225-2350 > [EMAIL PROTECTED] > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 28, 2001 3:30 PM > To: NT System Admin Issues > Subject: Router connection issue > > > > > > > Hi Everyone, > > > I've been a lurker for quite a while (learning bunches), but now I have a > problem that totally confounds me. > > > There are two companies in the building where I work. Each company has a > separate network connected through a separate Cisco router to a T-1. For > financial reasons, the two companies have agreed to share a single T-1. What > I would like to do is have a switch that both routers plug into, and which > then uplinks to the single T-1. We do not want to co-mingle the networks. > According to Cisco's documentation, it is a straight-through cable from the > router to the T-1. If I connect the switch or a hub between > > our router and its T-1, I get an alarm on the router and no connection > lights on the switch/hub. I've also tried using a crossover cable with the > > same effect and have tried using/not using the uplink port on the > switch/hub. Have also tried restarting the router between connection > changes. What am I missing? I'm ready to give up and head to the nearest > bar for a pitcher of White Russians. > > > TIA, > Pat > > > Pat Marshall > Systems Administrator > Microsoft Certified Professional > Flying Rhinoceros > 1440 NW Overton Street > Portland, OR 97209 > (503) 552-8700 > (503) 221-7282 (Fax) > > > > > > > Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub > Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ > Confidential: This e-mail and any files transmitted with it are the > property of Lanco International and/or its affiliates, are confidential, and > are intended solely for the use of the individual or entity to whom this > e-mail is addressed. If you are not one of the named recipient(s) or > otherwise have reason to believe that you have received this message in > error, please notify the sender at the above e-mail address and delete this > > message immediately from your computer. Any other use, retention, > dissemination, forwarding, printing or copying of this e-mail is strictly > prohibited. > > > Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub > Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ > > > Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub > Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ > > > > > > > > > Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub > Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ > > Want to unsub? Do that here: > http://www.w2knews.com/rd/rd.cfm?id=unsub > Need a good FAQ? Try this one first: > http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
