Point to Point T1 WAN
Posted on 2004-08-13
Ok, here is the deal:
Currently, we have a T1 line being provided that is terminated via a CSU/DSU and router provided by our telco. A standard 10/100 Ethernet jack is what interfaces the CSU/DSU with whatever Ethernet device I would like (router, firewall, computer...). I am currently using a SonicWall Pro 300 firewall for our main firewall. (25 PCs reside behind it, as well as 3 servers: 1 webserver/dns/smtp/pop, 1 VoIP server, 1 Terminal Server.)
The problem started at the beginning of July when I was informed we would be purchasing another building 3 miles down the road. Due to the VPN capabilities of the firewall, I thought this would be a simple Remote Office -> Corporate Office setup via VPN. All would have been good, had the DSL service the telco provided been worth anything. Because of some requirements, we had to have VoIP phones that integrated with our phone system, and they work really well, except when everyone uses the Internet and their phone at the same time (killing that poor little DSL line).
A point to point T1 connection.
My problem is this: how do I implement this? The line will be installed within 2 weeks (just ordered it today). My thought has been to use Cisco 1720 or 2610 routers with WIC-T1-DSU/CSU cards, but where do I put these?
I still need the Internet to be accessible from all sides of the link, and I still need the PCs to be able to talk to each other through the link.
Should the Cisco routers be placed on the public network outside my firewall, between the telco router and my firewall, then a T1 connection over to my other building, and a second SonicWall router with a VPN tunnel which travels over the 1.5 MB connection?
Or should I put it inside my firewall, having it on some sort of a strange network? I'm not sure how that would work, considering all the PCs can only have one gateway. I would suppose I would have to have 2 Ethernet links on the router at the corporate office, one for the outbound to the SonicWall firewall, and one for the LAN connection, then the last WIC slot for the T1 connection?
To me, the one that makes the most sense is putting the routers on the outside of the firewalls, then utilizing the T1 just like any ISP would, and then just VPNing across the connection. The downside to this is the fact that I would have to open up all ports, but my firewalls at each end should stop any trouble.
Another option would be to set up the link in bridge mode, but I understand this can cause a lot of unneeded traffic (can't be too much, only a total of 40-50 PCs).
I would GREATLY appreciate any suggestions or help. The routers have to be purchased on Monday, and I've never even TOUCHED a Cisco router, but it seems easy enough to set up. Once again, thanks for the help.