[Techtalk] Router choices

Michelle Murrain tech at murrain.net
Mon Jan 7 15:45:50 EST 2002

Hi folks,

After spending far, far too much of my nonexistent time and energy on doing 
research on T1 lines, Frame Relay, V.35, routers, firewalls, yadda yadda, I 
am down to the wire on choosing a router option, and I need a bit of 
help/reality/sanity checking.

Scenario: ISP is putting in a fractional T1 (at 512), and will install a 
Cisco Integrated Access Device (IAD) which is basically an CSU/DSU with a 
sh*tload of bells and whistles I don't need. But I've no choice.

My options:

Cisco router - there are several possibilities, 1601 single ethernet, 1605 
dual ethernet (for DMZ). Cons: expensive (or cheaper but risky on e-bay). 
Pros: easy to set up, ISP most familiar with this, no linux box for 
router/firewall required.

Netopia router - R5100 - it has an 8 port hub as a part of it, and you can 
set up a DMZ by setting up two separate IP subnets, with filter sets 
inbetween so that the subnets can't see each other, and filter sets for 
each subnet for firewalling (one for exposed to internet servers, one for 
internal network). Pros: much, much cheaper, I know these products really 
well (I've used 3 different models of Netopia routers in the past - they 
have good tech support), no Linux box router/firewall required. Cons: I 
don't know how good of a firewall option it is for separate subnets and 
filter sets. Sounds like it might have some holes to me. I need to research 
it more.

Sangoma S5141 card - installed in a box with 2 NICs. Pros: integrated Linux 
solution, Sangoma knows linux, all advantages of a Linux router/firewall, I 
learn more about linux. Cons: time, mostly, plus ISP TOTALLY in the dark 
about this, although Sangoma provides tech support, have heard problems 
with this setup from a different vendor who works a lot with setting up T1 
lines. Also I have found no one who knows about the interaction between 
this Cisco IAD and this Sangoma card - Sangoma didn't even have much to 
say, except assurances that it would work.

Ideas? Although  this is not a Linux based option, I am particularly 
interested in option #2 for a variety of reasons, but I don't know enough 
about subnetting to know whether or not this is a secure way to set up a DMZ.

The fourth option is to go with the Netopia router, and put in a 3 NIC 
firewall after it.



Michelle Murrain
tech at murrain.net
http://www.murrain.net/ for pgp public key

More information about the Techtalk mailing list