configuration question
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||||||||
|
Posted by on October 23, 2006, 7:46 pm
Please log in for more thread options field has so they can troubleshoot. we don't have time warner infrastructure on our campus and we can't have dsl (too far). what we have is an isdn connection out to the provider connected via a cisco 1841 router. initially the user just wanted 1 connection and it works when the workstation is connected directly to the cisco 1841 router via cross-connect cable. the user, however, wants to have multiple connections and i had suggested a 2940 switch will do the trick. but the user insists that he needs the dlink di-804hv router in the mix. has anyone tried this type of configuration? i explained to the user that the cisco 1841 will take the place of the dlink router and that the initial request was for troubleshooting remote users who are having issues with their vpn connection. | |||||||||||||||||||
|
Posted by Walter Roberson on October 23, 2006, 9:06 pm
Please log in for more thread options Sounds reasonable in itself. >what we have is an isdn connection out to the provider connected via a
>cisco 1841 router. initially the user just wanted 1 connection and it >works when the workstation is connected directly to the cisco 1841 >router via cross-connect cable. With the dlink not in the circuit at that point, right? >the user, however, wants to have multiple connections and i had
>suggested a 2940 switch will do the trick. but the user insists that >he needs the dlink di-804hv router in the mix. >has anyone tried this type of configuration? i explained to the user
>that the cisco 1841 will take the place of the dlink router and that >the initial request was for troubleshooting remote users who are >having issues with their vpn connection. It isn't clear from your description exactly what it is that the user needs to test or emulate. If the user just needs multiple PCs or NICs connected to the ISDN connection via the 1841, then any decent switch will do, provided you can give enough IP address space for the purpose. If the user is responsible for supporting the VPN link of a remote office that has one of the di-804hv, then by all means if your security infrastructure can accomedate the request, let the user put in the dlink. The 1841 can be set up with multiple IPSec connections, yes, but the details of how different devices handle IPSec are sufficiently dirty that it is usually a good idea to have a lab test of the exact equipment (or at least very close in the same model line) to test with. | |||||||||||||||||||
|
Posted by on October 24, 2006, 10:23 pm
Please log in for more thread options On Tue, 24 Oct 2006 01:06:07 GMT, roberson@hushmail.com (Walter
Roberson) wrote: >
>>what we have is an isdn connection out to the provider connected via a
>>cisco 1841 router. initially the user just wanted 1 connection and it >>works when the workstation is connected directly to the cisco 1841 >>router via cross-connect cable. >
>With the dlink not in the circuit at that point, right? that is correct. there is no problem. >
>>the user, however, wants to have multiple connections and i had
>>suggested a 2940 switch will do the trick. but the user insists that >>he needs the dlink di-804hv router in the mix. >
>>has anyone tried this type of configuration? i explained to the user
>>that the cisco 1841 will take the place of the dlink router and that >>the initial request was for troubleshooting remote users who are >>having issues with their vpn connection. >
this is exactly what i told the user. the user first indicated that
>It isn't clear from your description exactly what it is that the user >needs to test or emulate. > they needed an "outside" connection that doesn't go through our proxy servers so that they can troubleshoot the vpn connection. i had explained to the user that they are still able to troubleshoot and the cisco 1841 will be used instead of the dlink that the users have at home. the user insists that they need to have the dlink in the mix because that is what the company issues to the remote users. however, when i asked if they customized the dlink before deploying and they said no. the only reason they have this type of dlink router because it was on the "approve" list because of the vpn features. i explained to the user that since no customization is done on the dlink router and they are only troubleshooting slow responses when the remote users complain i told him you don't need the dlink in the mix in our environment. just to reiterate, there is no dsl nor cable infrastructure in/on our campus. nor does any other businesses within the area... residential yes! i also explained to the user that if we had dsl on our campus, our group will not be supporting it. in addition, i told the user if the dsl goes down, the local lec (at&t) has up to 48 business hours to resolve it. believe me, it did take the lec those hours. we had a site in austin and when the dsl went down on a friday, it didn't get fix till the following wednesday. we had another site in mesquite nevada with multiple dsl's and when it went down the user were out of luck because they were at the mercy of the little mom&pop bell company. >If the user just needs multiple PCs or NICs connected to the ISDN
>connection via the 1841, then any decent switch will do, provided >you can give enough IP address space for the purpose. this was part of my original design. the user's initial request was for 1 connection. i gave them a /29 and reserved 2 ips (1 for the router & 1 for the switch) >
>If the user is responsible for supporting the VPN link >of a remote office that has one of the di-804hv, then by all >means if your security infrastructure can accomedate the request, >let the user put in the dlink. The 1841 can be set up with >multiple IPSec connections, yes, but the details of how different >devices handle IPSec are sufficiently dirty that it is usually >a good idea to have a lab test of the exact equipment (or at least >very close in the same model line) to test with. > i was in the process of testing, however, when the dlink is connected none of the workstations connected to the dlink is able to go out to the internet. even if i disabled IPSec it screws up the connection. i've looked at the dlink documentation and it doesn't show much. if you have any ideas on how to accomplish this it would be appreciated. my manager told me not to spend my time on this because on our campus everyone who requested an "outside" connection is configured the same way and have no issues and to just provide a switch if more than one connection is needed. i appreciate you taking the time in responding to my query. thanks | |||||||||||||||||||
>field has so they can troubleshoot.