clear some confusion - T1

MrGuvernment

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
21,882
buiying a new t1 firewall

my confusions seems to be what the CSU /DSU is

i assume it is the box the digital line connects to , what i thought was the modem?

we have the line, comes in ---->- box (csu?) --> large serial like cable out to cisco 1700 .---> out to switches


was considerinf the wacthguard x550e, they say it is t1 compatible, but i dont see where it could connect from the CSU to it, it only seems to have rj45 ports on it.....
 
Depending on what hardware the ISP supplies...you may want a converter/bridge. The T-1 provider I use....he places his Cisco routers onsite....which have an ethernet port on the "LAN" side...but I always want my routers to obtain the WAN IP address...so I have him setup his router "transparently".
 
for us we have to run the routers in office, which i prefer. all they provided was the box for the end of the line...
 
With my T1s we have the DSU in the Router. For our Internet we have:

T1 <--> Router & DSU <---> Firewall

That is a pretty typical setup that I have seen.
 
turns out watchguard is rather clueless, i asked them what systems that have that work on a T1, but you need the DSU / router, then their firewall after word via the lan port.


So now, any recommend a nice easy to config T1 Router / firewall, that can be configured soley via GUI mode with out having to become cisco certified...
 
So you are looking for a Router & DSU, that has a built in Firewall?

Any Cisco can do some firewalling within the router, but you really need to know what you are doing. I would actually expect any router to be able to do some firewalling, maybe not advanced things you can do in a firewall separately, but they can all do some firewalling by using the routing rules and tables.

So Nortel, Juniper, Adtran, Enterasys or Cisco should be able to do it. I don't know what the interface looks like for any of them other than the Enterasys or Cisco. Both of those look like the same CLI.
 
Any new ISR router from Comes with a full firewall set that can do IDS, IPS, and any firewall feature you need including new threat detection with flexible packet matching.

The only reason to get an ASA (formally pix) is if you need a ton of VPN connections, basically a concentrator.
 
we will only have maybe 2 VPN's are one time most, so that isnt a big thing...

check adtran most of their seem to be command line based, i guess over t cisco!

any suggestions on a $1500 US or less T1 router... replace a cisco 1700 :)


we dont need any like super hardcore firewalling, basics will do with NAT and basic DOS / ddos protection possibly since we will have 2 external sites coming from our t1
 
It truly depends on how many users / packets per second you need to handle.

I personally use & love the 1841 modular router which is the replacement to the 1700 series. The 1841 with Advanced IP Services, will set you back ~ $1500 plus the T1 card which you may be able to find on ebay for cheap (don't by from china!)
 
now to find it for $500 cheaper :D but thanks, i am more understanding all this T1 crap and csu and poo poo
 
or you could just get an older (used) 2611 with csu/dsu for less than a grand.. probably even less than $500 if you dont get ripped off. This will be more than sufficient for a lonely T1 and will offer the same featureset as the $2000 c1800 router.
 
dahlhana said:
or you could just get an older (used) 2611 with csu/dsu for less than a grand.. probably even less than $500 if you dont get ripped off. This will be more than sufficient for a lonely T1 and will offer the same featureset as the $2000 c1800 router.
Click to expand...

Very true, and I would agree except that if I understand the post correctly this is going to be a mission critical piece of hardware for the company. They will (or should) want to get a SmartNet to cover them in case of failure.

And not to be a stickler, as I have bought plenty of eBay Cisco for my home lab, but if you actually read their small print, technically when you buy a used Cisco router, you are not licensed for the software running on the router, and must re-purchase it from Cisco / get a SmartNet.

It is very consumer un-friendly, and I am not quite sure how they get away with it, but if you have a problem with a used router TAC wont talk to you if your licensing / smatNet are not on the up-and-up.
 
MrGuvernment said:
was considerinf the wacthguard x550e, they say it is t1 compatible, but i dont see where it could connect from the CSU to it, it only seems to have rj45 ports on it.....
Click to expand...
WatchGuard :cran:

They may make a decent product, but I've had nothing but confusion. But I think that's cause my boss is too cheap to buy a LiveSecurity plan for our old router's.
 
archivalbackup said:
Very true, and I would agree except that if I understand the post correctly this is going to be a mission critical piece of hardware for the company. They will (or should) want to get a SmartNet to cover them in case of failure.

And not to be a stickler, as I have bought plenty of eBay Cisco for my home lab, but if you actually read their small print, technically when you buy a used Cisco router, you are not licensed for the software running on the router, and must re-purchase it from Cisco / get a SmartNet.

It is very consumer un-friendly, and I am not quite sure how they get away with it, but if you have a problem with a used router TAC wont talk to you if your licensing / smatNet are not on the up-and-up.
Click to expand...


You are right, cisco does not allow the transfer of software when reselling equipment. I have however never heard about anyone getting in trouble by purchasing equipment with software loaded though.

I was wrong - you can get two c2611, each with their own csu/dsu for $500 (ebay 200172212211).. If you are paranoid about downtime, this is going to be better than having a smartNet contract (even the most complete smartnet contract will shut you down for 4hrs atleast), as the second router would be a cold standby router. Max downtime would be measured in minutes.

The watchguard firewall is really good, but if you only want NAT, then this is something that can be done with the cisco ios software installed in the router.
 
The T1 will be our main line for allow external HTTP access and office access out, however we also have a 4mb /1mb buisness cable line for back up, and also for certain people to use daily for just basic office work, so the down time could be handled, i am also planning to keep this 1700 around, can be used as a back up if ever needed.,

I talked to the CEO and told him i want to move as much of this our of our office and into our hosted cabinet at the ISP (previous people had paranoya because of their lack of security understanding) so the hosting from our office may not even be for that long pending how fast i learn,

I am looking more into this 1701 as i may be fine with it, i figured worse case, if i can at least configure it to DMZ an external IP out to a firewall box, i can do all the rules in the firewall.


head has too much infoooooooooooooooooooooooo
 
Do you think the company will grow to multiple offices?
If so you may want to plan for that and the appropriate hardware/connection technology
 
shade_star said:
Do you think the company will grow to multiple offices?
If so you may want to plan for that and the appropriate hardware/connection technology
Click to expand...

Not likely no, if it did grow we would move into a single area, but the future is more likely a complete buy-out to which we would then merge with the large company and they would overtake all of this,

the most i could see in the future 1-2 years is perhaps at most 2-3 more people joining us in that office, at most.
 
MrGuvernment said:
The T1 will be our main line for allow external HTTP access and office access out, however we also have a 4mb /1mb buisness cable line for back up,
Click to expand...

Quick Tip, the 1841 supports a Cable WIC (and actually has 2 WIC slots), so you could configure it to automatically fail over to your cable backup.

The 1700 series dosnt support the Cable WIC, and you may need a four port ethernet WIC if you plan to use an external cable modem as backup (I know that the 1721 only has 1 Ethernet port on the box). One last consideration - 1700's are End Of Life, and may stop getting software updates in the near future.
 
archivalbackup said:
Quick Tip, the 1841 supports a Cable WIC (and actually has 2 WIC slots), so you could configure it to automatically fail over to your cable backup. It even supports Cell modems which I think is pretty darn awesome. Good-bye ISDN backups.

The 1700 series dosnt support the Cable WIC, and you may need a four port ethernet WIC if you plan to use an external cable modem as backup (I know that the 1721 only has 1 Ethernet port on the box). One last consideration - 1700's are End Of Life, and may stop getting software updates in the near future.
Click to expand...

ddd
 
i dont even think our 1701 has been updates since it was bought, scarry thought. going to see what i can do with the 1701, having fail over is a bonus saves people reconfiguring their gateway to go to the cable line like currently set up
 
You must log in or register to reply here.
Back
Top