What to upgrade our company router.

Hello there.  We have a small network at work: 18 workstations, 2 servers, 2 switches, etc.

We have been suffering with intermittent internet connection loss - we lose connectivity for about 2 minutes to the internet.  The intranet still works, we do not lose mapped directory drives or anything, so this is not a server problem, I think.

This happens at any particular moment, so finding out the cause of this issue has been troublesome.  However, during the last blackout I managed to try and ping the default gateway - the first time I got 100% packet loss, the second time I got 75% packet loss.  So indeed, this would indicate a problem with the router?

I called BT, who installed the router and have access to the router interface/logs, and asked them to check our ADSL line, test the line, and also to check the router logs.  Well, they said there was no problem; but this does still keep happening - not often, but it is something I need to look into.

So in essence, I'm going to change the company router (it's 5 years old anyway).   So I need help with the following (want to make sure I get this right and fully understand the implications of changing the router on the network - it might be as simple as plugging it in, then again it might not; first time I have done this).

Our setup:  ADSL>Router> Firewall > Server > Switch > Ethernet | Telephone > Workstations.

We currently have this router:
Siemens 5830:

I can connect to the status page of the router (this image will form part of my question)

So basically I want to upgrade our current router, but with as little downtime and / or configuration as possible.

1)      I take it I will have to get another ADSL router, as this is our connection
2)      The current router has a VPN/Firewall built in, would the new router have to have the same? (Don't think so, we have a hardware firewall?)
3)      We have a few users connecting via a VPN connection - after looking at the image above of the status page - would I have to configure a new router to allow anymore configurations.
4)      Can I just plug the new router in, and walk away? :)  I mean, would any IP address change - we currently lease 5 static IP addresses, so I take it that it is not the router that assigns the (Server IP), but this is a static setting configured on the server itself.  At home I notice that the router I have just assigns each host a random 192.168.0.# number.

Are there any other areas you think I should look into before upgrading our router?

Thank you very much indeed, I know this is an easy question; but I can use this information as a learning experience, so that's why I'm asking all the questions to make sure I get it right.


Since when have you been losing connectivity?  If this was working earlier I don't see a reason it should not work now. It certainly does not seem to be a bad router issue.
Try connecting only one machine to the router and see if the connectivity breaks from a single PC also? If it does, just for the sake of testing try it with another PC so you are sure that your first PC was error free. Also, if you have a command line interface to the router, try and ping a public IP direct within the router. Many a time it is possible that the network is infected with malware/spyware or viruses which may be generating a lot of traffic and as a result choking the bandwidth.
Let me know how it goes, before you go to get another router.
SpencerKarnovskiAuthor Commented:
Hello Arshana

Thanks for responding.

I cannot test the router by connecting one machine, it would put the whole company offline - and as this is a printing company we run 24/7, including print jobs which have to be viewed in the factory by an HTML link - so testing this way is not an option.

Furthermore, the loss of connection is intermittent at best - it only happens say 1/2 a week - again, it could happen more but I might not notice it.  I am currently learning Wireshark to help narrow down the cause of our bottleneck.  And changing the router was advised by BT our broadband provider; the warranty has run out on our current router.

Additionally, if I could not ping the router at the first attempt, and managed to ping the router on the second attempt (75%) would this not indicate a) that there is a problem with our ADSL line? (However BT have run line tests and said the connection, from their end has been fine for weeks) or b) a problem with the router? (which as you expressed is very weird for a router just to stop working - surely I would have more reoccurring internet loss).

Also, I keep each PC up to date with malware scans etc.  But once I have a grasp on Wireshark, I will be able to narrow down the bottlenecks.  It's just I need to deal with the loss of the internet connection first.

Thanks for the help.
You say that BT installed the router.
It probably means it is their router.
Replacing it may not be your decision to make.

1. A server is in between the firewall and the rest of the internal network?
2. What device is the VPN endpoint? router? firewall? server?
3. When you pinged the default gateway (looking at your setup it's difficult to determine) what device is that?

No offense, but given your knowledge of the subject, you may want to consider finding a local network guy to help you out.

SpencerKarnovskiAuthor Commented:
Hello kdearing

I did say that BT recommended that I change their router; this obviously means that it is my decision to make.

Q1:1. A server is in between the firewall and the rest of the internal network?
Ans:  Yes, of course my server is between the firewall and the internal network - the firewall would not be any good if it did not shield the server, i.e. if it was not between the incoming ADSL connection and the server.

Q2:. What device is the VPN endpoint? router? firewall? server?
Ans:  If you read my post, then you would see the "I can connect to the status page of the router" - so it is a router.

Q3:  When you pinged the default gateway (looking at your setup it's difficult to determine) what device is that?
Ans: a default gateway, when talking in TCP/IP terms, is always the router, especially when my main question is based around connecting to a router.  And why is it hard to see the setup?  We have an ADSL connection going into the router, the router goes into the firewall, the server goes into the firewall and then into the switch.

And furthermore, no offence, but your last comment was not called for.  I am quite capable of undertaking any changes to my network.  The reason for my questions (which to be honest, you did not even attempt to answer) was to make sure I have a full understanding of the possible risks from more experienced people - this does not mean to say that I don't have any knowledge.

But thanks for the feedback anyway.
So you basically mean to say when you ping from the server to the firewall you at times get data packet losses. If that's the case then surely it's a router issue, unless the router cable is faulty, which I doubt.
I think you are best off replacing the router only. Zyxel 35 series is an excellent router with inbuilt firewall and VPN features. You can purchase one and configure the settings first and just plug in the cable to the new one and get started.
All the best

SpencerKarnovskiAuthor Commented:
Hello Arshana

Thank you very much indeed.

Indeed I have pinged the router and got 75% packet loss + 100% packet loss.  The router is 5 years old now, so regardless of the packet loss and/or connection issues, it needs changing.

Thanks for the Zyxel 35 Series suggestion, will purchase that and configure that - even better that it can be configured before it goes live.

I will leave this question open, so if I do run into any difficulties then I know who to ask.
Have a nice day

SpencerKarnovskiAuthor Commented:

I'm interested.  Just exactly what did I say that would lead you to conclude (even if you did read all my posts) that "given my knowledge of the subject, I should consider getting someone else to help"?

From a glance you did not even read my post correctly, asked inept questions, and failed to grasp basic terminology when faced with clearly written facts.

I am going to ask for a moderator to remove your comments from this thread.
My last comment was based on the original post, marked "Beginner on this subject" and with questions like "Can I just plug the new router in, and walk away?"

I was trying to indicate (unsuccessfully) that this be undertaken by someone with some experience for several reasons.
This network appears to be a business. I have no problem with showing how to reconfigure a network if it is their home or a test setup. However, a business will usually not tolerate the network downtime it may take to get it working correctly. Also, in a business network, you have additional security concerns. A mis-configured router could open the network to all kinds of nasty surprises. Note that an unprotected computer can be compromised in about 20 minutes.

I apologize if I offended you, that was certainly not my intention. I rather enjoy helping people with their networking problems.

On to your problem-

I am confused because this setup is odd:
Our setup:  ADSL>Router> Firewall > Server > Switch > Ethernet | Telephone > Workstations.

This tells me that in order for a workstation to get to the internet it goes through the switch, then the server (obviously multi-homed), then the firewall, then the router. That's three Layer3 devices for what appears to be a relatively simple network.

Q1: I don't think you understood my question. Why is all PC traffic going through the server before getting to the firewall, etc.

Q2: If the router is the VPN endpoint, then you are outside the firewall. Doesn't make sense.

Q3: According to your setup, a PC's default gateway is the server.

Before going out and buying another router I propose that you re-configure the existing router and put it in 'bridge' mode. That way it will handle all the ADSL configuration needed and act as a basic modem. This means your public IP address will now reside on your firewall. Depending on the specific model, you should be able to configure your VPN requirements there.
SpencerKarnovskiAuthor Commented:
Hello Kdearing

Well, I did not mean to come across ignorant to your obvious, exceeding, technical knowledge.  I may suggest, though, that saying "No offense, but given you knowledge of the subject, you may want to consider finding a local network guy to help you out." is not entirely the best route to go, when someone is asking for help.  We are all learning; my very reason for posting this question is to learn and make sure I do not make mistakes, therefore I do not need to be told to get someone else to do it.  I understand the importance and implications of any downtime that may be suffered due to my inexperience.

And my "Walk away and leave it point" was just an analogy type comment :)

Still, it is obvious that "walk away and leave it" is not an option and I need to read-read-read!

And yes, my workstations do traverse through 3 Layer 3 devices to access the internet.  The network here is not set up optimally; we are still using Windows 2000 Server ><

Also, I cannot access the existing router interface - as this is run by BT - this makes things difficult as I cannot see the current configurations.  Would you recommend getting in touch with BT and asking them to provide me with access to the router?  So I could see what current setting we have in place; this should give me a better idea when setting up the new router.

I mean, then I could try setting the router on bridge mode, therefore making the public IP address reside on the Firewall - however, "could" this possibly cause any complications with the Firewall?

Again, I might be showing my inexperience here; but we all have to learn somewhere.  I don't plan on rushing this.

Thanks for any and all help.
Have a nice day.

I would definitely call BT and talk to them about putting the router in bridge mode. They may not allow you access to it, but they can do it.

I've double-checked the specs and manual for that router and it is capable of bridge mode. If you decide to do it, BT should be able to give you all the WAN IP configuration info. You will need this to re-configure the firewall.

The only sticking point is your remote access VPN. I am assuming your firewall is capable of it, but you'll need to verify before making your decision. I can check for you if you like. What mfr/model firewall do you have?

On the status page you posted, it shows options for "Type 1 VPN" and "Type 2 VPN", this must be something peculiar to BT. As far as I know that is not industry-recognized terminology. It may mean L2TP and IPSec, but I'm not sure. Again, they should be able to give you this information.

I've attached a copy of the manual for that router.

SpencerKarnovskiAuthor Commented:
Hi kdearing

Thank you very much indeed for the manual.

I have spoken to a BT rep, and they cannot access the router interface and have no idea how to either.  They installed the router, but said it was such a long time ago that they cannot access it - furthermore, they have no idea what the "Type 1 VPN" and "Type 2 VPN" means.  So, it looks like I cannot even access the interface.

What makes this doubly frustrating is that over the weekend we got infected with the Stration/Warezov spambot, which started sending out spam emails using our outgoing NAT IP address - we therefore got blacklisted with CBL and could not receive any company emails.  As you know, to stop this we could limit outgoing SMTP port 25 traffic by blocking all traffic but our legit mail server.  I would like to know how we got infected in the first place; we have a firewall that should have stopped such an attack - our virus software is up-to-date etc.  Anyway, that problem is solved and we are de-listed from CBL.

I was thinking, could I change the login details on the router status page.

This is risky though aye, I have to be mindful of the consequences..
I doubt it will do any good.
From what I've read, BT puts their own modified firmware on those devices. Only they can get to the configuration.

I would call BT and tell them you want the changes. If they can't make the changes you request, then they need to replace the device.
Note that it is their device and you are renting it as part of your internet service package.

I just noticed something. Didn't BT tell you in a previous call that they tested the line and checked the router logs? I would think it's difficult to do that without access to the router.

Get BT to replace the router. You are paying a fee for a device that is not configured the way you need, and may be faulty.

Threatening to go to a competitor is usually good motivation.
SpencerKarnovskiAuthor Commented:
Hello Kdearing - hope you are doing well today.

Well, I did mention to BT about them changing the router; the only option they proposed was to renew our contract (which was a bit odd, as we obviously have an existing contract - otherwise we would have no ADSL connection) and get a new router installed.  Furthermore, I have looked into our Firewall, and it is configured and run by our MIS software providers - and has been for many years, so any changes to the Firewall have to be run through them.

So for me to be able to change our current configuration, as you expressed, it would mean delegating between BT and them.  Not an easy proposition.  They will not change the Firewall settings without sending an expensive engineer to do it, BT will not change the router without us renewing our contract.  All this adds up to money, which from my boss's standpoint is rather a waste when we could just replace our existing router with a new one.

I will speak to BT again, and express, that we need to gain access to the router interface - they fitted it, so they must be able to access it.   Then maybe I can view what VPN settings we have, purchase a new router and install it at the weekend, so as to minimise downtime..

I appreciate your input here - if only I could assign points again!

Have a nice day
Sounds like you have a bit of a mess there, with 'outsiders' controlling 2 key pieces of your network.
Let me know how it turns out. I'll keep monitoring this thread.

In regards to your virus problem...
What are you using for switching?
If you have a good manageable switch for your core, you should be able to configure an ACL to block port 25 traffic.

Just curious, where in UK are you located?
I lived there for about 7 years, and visited many other times.
SpencerKarnovskiAuthor Commented:
Hi kdearing

I am currently working in Tonbridge (very nice medieval town with lots of castles, very nice) and live in Gravesend (where they buried a lot of corpses during the plague - not so nice).

As for the Switch, well - this is in a worse state than the router/firewall configurations!  Our Switch has a lot of loose connectors; I have been told by my boss (when I was doing a survey - locating where our telephone/Ethernet wires were located in our offices) that just removing one Ethernet plug can shut down a random Ethernet/Telephone port! :)

Basically, my boss did all the networking here himself for a long time - then employed me (a graduate) to sort things out.  It may take me longer, with hardly any experience (BSc, A+, N+), but it would be cheaper in the long run.  Plus I get to learn stuff while I work.

So, I would not even know how to make the changes you expressed, yet.  Will research this option.

However, I do have some progress; have just been speaking to BT and they have agreed to send a new router, but get this, they will not tell me (as we thought) any of our current settings.  They have just said "We will help you configure it" - this does not mean they will come out, nope.  They'll send the router and give me a call.  I did say to him that it will be very hard for me not knowing any information (current static IP address, port configurations, VPN settings) to be able to configure the new router.  

Still, I will take it a step at a time, always researching and thinking of possible repercussions of bad decisions/configurations.  You know what, some part of me thinks "Why am I here, I should be in a job whereby I can ask someone to show me this stuff - we all have to learn!" :)

And the virus, yeh that was a strange one.  It basically infected our NAT IP address and started spamming our clients - so I'm thinking that one of our workstations got infected, and then it started to use our public IP address (going through port 25) to send emails.

I have run scans on all workstations, but cannot find anything; the problem seemed to go away on its own.

Anyway, when I have the router here I might ask on your, much valued and welcomed, experience!
Thank you very much indeed for your help.

I've been through that area many times on the way to Dover or Hastings. I can't recall if I stopped. I used to spend entire weekends travelling around looking at castles.
I lived in Suffolk (Ipswich and Bury St. Edmunds).

Your virus problem bothers me for 2 reasons:
1. You normally don't get blacklisted if it was only a short period.
2. Assuming one of the PCs was infected with a bot-type virus, they don't just go away.

I am assuming your anti-virus is a good one and everything is up-to-date.
If I were you, I would get a "second opinion" by running one of the online scanners (they're free).
I like to use Trend Micro's HouseCall:

A couple of other possibilities...

Did you have a visitor using your network recently?

If you have wireless, maybe someone got on the network that way?

Unauthorized equipment?
    I've seen this more often than you'd think. For example, someone brings their Linksys wireless router from home because they want wireless in their office.

Something to ponder..........
Just curious...any updates?
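
The thread's two port-25 points (allowing outbound SMTP only from the legitimate mail server, and working out which workstation behind the NAT address was sending the spam) can be checked against firewall or router connection logs. The following is an added example, not part of the original thread; the LAN range, the mail server address and the key=value log format are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the thread): LAN range, mail server address and the
# key=value log format are constructed for illustration only.
LAN = ipaddress.ip_network("192.168.0.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.0.10")

# Constructed sample log lines (documentation address ranges for the internet side).
SAMPLE_LOG = """\
2024-01-06T02:14:01 action=allow proto=tcp src=192.168.0.10 dst=203.0.113.25 dport=25
2024-01-06T02:14:03 action=allow proto=tcp src=192.168.0.37 dst=198.51.100.7 dport=25
2024-01-06T02:14:04 action=allow proto=tcp src=192.168.0.37 dst=198.51.100.8 dport=25
2024-01-06T02:14:04 action=allow proto=tcp src=192.168.0.37 dst=203.0.113.99 dport=25
2024-01-06T02:14:09 action=allow proto=tcp src=192.168.0.52 dst=192.168.0.10 dport=25
2024-01-06T02:14:12 action=allow proto=tcp src=192.168.0.41 dst=203.0.113.80 dport=443
2024-01-06T02:15:40 truncated entry src=192.168.0.37 dst=
2024-01-06T02:16:02 action=allow proto=tcp src=192.168.0.44 dst=198.51.100.7 dport=25
2024-01-06T02:16:05 action=allow proto=udp src=192.168.0.44 dst=198.51.100.7 dport=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return the fields needed from one log line, or None if it is unusable."""
    fields = dict(FIELD.findall(line))
    try:
        return {
            "proto": fields["proto"].lower(),
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except (KeyError, ValueError):
        return None  # missing field or malformed address/port

def rogue_smtp_senders(log_text, lan=LAN, mail_server=MAIL_SERVER):
    """Map each LAN host other than the mail server to the set of external
    addresses it contacted on TCP/25."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != 25:
            continue
        if rec["src"] not in lan or rec["dst"] in lan:
            continue  # only LAN -> internet; mail submitted to the internal server is normal
        if rec["src"] == mail_server:
            continue  # the one host that is supposed to send mail out
        hits[str(rec["src"])].add(str(rec["dst"]))
    return dict(hits)

def report(log_text):
    """Hosts ordered by how many distinct external mail hosts they contacted."""
    hits = rogue_smtp_senders(log_text)
    return sorted(((h, len(d)) for h, d in hits.items()), key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    for host, count in report(SAMPLE_LOG):
        print(f"{host}: {count} distinct external SMTP destinations")
```

Any host this reports is a candidate for the infected workstation, and the same rule (TCP/25 to the internet permitted only from the mail server) is what the blocking ACL would enforce.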