[Techtalk] Router choices
tech at murrain.net
Mon Jan 7 15:45:50 EST 2002
After spending far, far too much of my nonexistent time and energy on doing
research on T1 lines, Frame Relay, V.35, routers, firewalls, yadda yadda, I
am down to the wire on choosing a router option, and I need a bit of
Scenario: ISP is putting in a fractional T1 (at 512), and will install a
Cisco Integrated Access Device (IAD) which is basically an CSU/DSU with a
sh*tload of bells and whistles I don't need. But I've no choice.
Cisco router - there are several possibilities, 1601 single ethernet, 1605
dual ethernet (for DMZ). Cons: expensive (or cheaper but risky on e-bay).
Pros: easy to set up, ISP most familiar with this, no linux box for
Netopia router - R5100 - it has an 8 port hub as a part of it, and you can
set up a DMZ by setting up two separate IP subnets, with filter sets
inbetween so that the subnets can't see each other, and filter sets for
each subnet for firewalling (one for exposed to internet servers, one for
internal network). Pros: much, much cheaper, I know these products really
well (I've used 3 different models of Netopia routers in the past - they
have good tech support), no Linux box router/firewall required. Cons: I
don't know how good of a firewall option it is for separate subnets and
filter sets. Sounds like it might have some holes to me. I need to research
Sangoma S5141 card - installed in a box with 2 NICs. Pros: integrated Linux
solution, Sangoma knows linux, all advantages of a Linux router/firewall, I
learn more about linux. Cons: time, mostly, plus ISP TOTALLY in the dark
about this, although Sangoma provides tech support, have heard problems
with this setup from a different vendor who works a lot with setting up T1
lines. Also I have found no one who knows about the interaction between
this Cisco IAD and this Sangoma card - Sangoma didn't even have much to
say, except assurances that it would work.
Ideas? Although this is not a Linux based option, I am particularly
interested in option #2 for a variety of reasons, but I don't know enough
about subnetting to know whether or not this is a secure way to set up a DMZ.
The fourth option is to go with the Netopia router, and put in a 3 NIC
firewall after it.
tech at murrain.net
http://www.murrain.net/ for pgp public key
More information about the Techtalk