
1721 config questions 1


gdm12345

Just bought a Cisco 1721 w/ (2) Wic-1DSU-T1-V2's and a VPN module crypto accelerator. We are upgrading to (2) bonded T1's from a frac-T1 in a week or so. The 1721 will be the default gateway & firewall on our network. We deal with medical data so security will be a must.
We have 5 static IP's for our use but only 1 WAN Broadcast IP.
We will also be putting 4 new servers in place on the LAN that we want specific employees to access remotely via internet through VPN.
I need to determine how best to
(a) config 1721 for the bonded T1 inputs
(b) setup VPN(s) for redirects to specific servers depending on employee login or static IP url
(c) optimize the 1721 for internet access/throughput by the employees on the LAN
Not asking for much - huh.. :-) Any input is appreciated.
 
I would recommend just using the 1721 as your edge router and getting at least an 1841 or 2811 with the advanced security feature set. These are really great routers that have IPS prevention instead of the IDS of the 1721. The only way I could think that you can possibly do this with just the 1721 is to use the 1st routable IP on the Ethernet and set up a secondary IP on that same interface. Not best practice, and I think you will have problems. Not normally a problem with just LAN networks, but you don't want to mix WAN and LAN together.


Sample of T1 multilink.

interface Multilink1
 description connected to ISP
 ip address 10.10.10.1 255.255.255.252
 ppp multilink
 ppp multilink fragment disable
 ppp multilink group 1

interface Serial0/0
 description multilink 1 interface
 no ip address
 encapsulation ppp
 no keepalive
 no fair-queue
 ppp multilink
 ppp multilink group 1

interface Serial0/1
 description multilink 1 interface
 no ip address
 encapsulation ppp
 no keepalive
 no fair-queue
 ppp multilink
 ppp multilink group 1

1st routable IP on the Ethernet interface, which should connect to your firewall device, which uses the 2nd routable IP.
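
Added example, not part of the original thread or any poster's code: a small Python check that a multilink bundle like the one in the post above is internally consistent (the Multilink interface exists, at least two serial members join its group, each member uses PPP encapsulation and carries no IP address of its own). The function names and the trimmed sample config are constructed for illustration.

```python
# Constructed sample: the bundle from the post above, trimmed to the relevant lines.
SAMPLE_CONFIG = """\
interface Multilink1
 ip address 10.10.10.1 255.255.255.252
 ppp multilink
 ppp multilink group 1
!
interface Serial0/0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
"""

def parse_interfaces(text):
    """Map interface name -> list of its sub-commands (a blank line or '!' ends a stanza)."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line in ("", "!"):
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def audit_bundle(text, group):
    """Return findings for one multilink group; an empty list means consistent."""
    ifaces, findings = parse_interfaces(text), []
    group_cmd = f"ppp multilink group {group}"
    if f"Multilink{group}" not in ifaces:
        findings.append(f"Multilink{group}: bundle interface missing")
    members = [n for n, c in ifaces.items() if n.startswith("Serial") and group_cmd in c]
    if len(members) < 2:
        findings.append(f"group {group}: only {len(members)} serial member(s)")
    for name in members:
        if "encapsulation ppp" not in ifaces[name]:
            findings.append(f"{name}: missing 'encapsulation ppp'")
        if any(c.startswith("ip address ") for c in ifaces[name]):
            findings.append(f"{name}: has its own IP address (belongs on the bundle)")
    return findings
```

Calling `audit_bundle(config_text, 1)` on a saved copy of the router config returns an empty list when the bundle is consistent, otherwise one finding per problem.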
 
Thanks - I already have a PIX in place. I guess my biggest worry is how to direct specific remote users w/specific share permissions to the correct LAN IP (server/program).
Would a WebVPN work if set up with the correct redirects?
 
Not that familiar with PIX, but I believe you control where each VPN client or client group can get to by the use of access control lists on the PIX. The T1 config is the one we use, and it works great.
 