Q: Hey guys,
I'm probably getting a T1 installed at the office in the next month or so, and I need to get equipment selected.
Right now we're just running on a 675 w priced DSL, a Linux router, and a Win2k PPTP VPN.
We have several other locations (stores) that we communicate with via dial-up when we need to retrieve data at the end of the day or do troubleshooting. We're up to 27 or 28 stores now, the modem situation is messy, and I would like to a WAN.
The budget was not available early for the hardware store, but I would like the corporate stuff designed to make it a painless process later.
I'm looking at getting a Cisco 2600 series and a PIX Firewall (515?). Later I want the boxes around $500ish in the shops here to connect to broadband.
What I do not provide model #s, accessories, to see exactly what, etc.
Re:It does tend to be a little on the pricey side for what I intend to do at this point, but I do have $5k in the budget for it, and I also tend to overbuild things.
I will definitely look into the lower models though (16/1700 and 506) to see if they would work, because you're right, I definitely don't need something that'll do 30mb/s for a lowly T1 line.
Part of the reason for my overbuilding is just that year before last there was a buyout of retail stores that ended up giving us 50% more of them to deal with. It was right before I got here, and I ended up having to deal with a system that didn't have near the capacity to do the work we needed with the extra staff here and stuff.
It was only running on one working modem, on a P150 w/112mb RAM that served the corporate software on a UNIX base. So that means that the 20+ concurrent users were all sharing that.
We have had a new business development guy for a while, and it looks like we may do a couple more acquisitions in the near future, so I just want to always stay ahead of the game, and something like this would keep me going for a few years out.
I currently also have a server doing something for like every 3.5 people at the main office, but they are all underloaded and I never have to worry about them at all. We could also double or triple in size overnight and I wouldn't have to do any upgrades other than adding a couple of switches for the ports.
As for the cost… I have no idea what it's going to cost to manage all of this stuff, because I plan on learning as I go, and only hiring people that will teach me how to do something instead of setting it up and leaving me a business card. I'm a pretty good learner, so I should be able to manage it. Should we do the acquisitions I will also probably get an assistant (since I'm the entire IT department right now) to deal with store machine support, PC support, and general stuff like that so I can focus on the networking and webservers. *crosses fingers*
Also, every picture I've seen of a 1700 didn't lead me to believe it was a rackmount box, and that's the way all of our stuff is set up.
Re:What's the cost for managing 25+ firewalls? Will you monitor your firewalls?
Re:… Meaning that Spidey's solution would cost you about $4,600.
I'll throw in my two cents. If you're going to have a separate firewall, you can get away with a lower-end router, like a 1700. You might even be able to use a 1600, since all you need is straight IP routing. Be sure to get one with a built-in T1 CSU, since that's far cheaper than an external CSU and a cable.
A PIX 506 will do the trick quite nicely. It can easily handle the load of a T1 and some VPN tunnels without sweating too much. A 515 is a better unit, but it's too pricey for your budget, and you don't need 30+Mb/s of firewall throughput, in any case.
- G
Re:Originally posted by: guy
that'll be 400 dollars in consulting fees.
Re:Yeah, lots more sense.
I see a few things you need.
Internet connection – T1. A Cisco 2600 router with an integrated T1 module would work well, as would a 1700 if you need to skimp a little bit with capital. Base comes with IP software; if you want firewall features or other VPN type stuff on the router (VPN on the router not recommended) then you can pay for various options.
Head end firewall with scalable VPN capabilities/performance – A Cisco 506 (25 max VPNs I believe) or 515 would work pretty good. SonicWall also makes awesome products for VPNs of this size. I'd check out both.
Small SOHO firewall with good remote troubleshooting and VPN options – PIX 501 or SonicWall.
And there you have it. Make sure you understand how DSL is installed so you can ensure your little firewalls can handle PPPoE OK.
Have fun, and that'll be 400 dollars in consulting fees.
Re:Okay, guess I didn't explain that well enough. That's what I get for typing with people in my office trying to ask me stuff.
Right now we are using 4 analog modems to poll the stores, which is quite a pain. They work okay for the most part, but we miss a couple each night, the connections aren't very good, we have timing issues, etc. etc.
We are going to be getting a T1 anyway for other purposes, and I have around $5k set aside for hardware. This will be the primary internet access at the office (all channels, not sharing with phones) and we are going to drop the DSL.
So here are my considerations for the upgrade:
1.) A new router, I just picked Cisco because they are high quality, and I should have enough budget.
2.) Since I have the budget, I'd like to get the PIX if I can so that later I can build a WAN for the stores to eliminate the modems as well as add functionality (realtime stats, sharing the line with security cameras, etc.) I'm just not sure which models do exactly what.
3.) I need to pick a Retail device (Such as the 501) that will seek out the corp office (as a lot of them will end up with dynamic IPs), and create a big VPN WAN. The reason for this vs. a traditional WAN is the cost vs. benefit we get. The company has had stores for 20+ years, so they don't readily see the benefit of tying them all together right away.
4.) I would like to get off of the Linux software firewall simply because it's getting old and I'm not very up to date with Linux security. It also runs our sendmail server which is going away for an Exchange server soon and I'd like to do it all at once.
So basically, I'm looking at getting a full T1 for internet access at the main office, and would like to get a hardware firewall at the same time that will allow me later to connect up stores for polling and/or other uses. The only other thing that comes to mind right now is that there are two stores that would like to set up workstations for managers that would essentially need to be hard-wired VPNd to here to avoid the training.
Also, the stores run a mix of hardware/software, some being SCO, some being Linux, along with the occasional district manager that would like to pop in and get on the net, plus other things like cameras, so I'm looking for something that will be completely transparent to all of the different systems. I want a piece of hardware that will just make them think they are sitting here, so I can just give them a 192.0.0.xxx address and it's all one big happy family.
Does that describe it a little better?
Re:nope, no cisco guys here. heh.
I like Adtran and Cisco 2500s. Not the latest and greatest, but cheap, and they get the job done.
Re:I'm confused.
What exactly do you want to do? Internet, dial-up, WAN?
If this is a retail store POS kind of application you can get a dial-server with digital modems in the 2600 and 3600 class of routers. No more modem mess, and considering you only have 30 stores you could easily get by with 8 digital modems; with a T1 offering 23 digital channels you've got plenty of room to grow your dial-up. Digital modems also mean you can do ISDN calling if you needed more speed at the store end.
If you need some kind of internet/VPN solution a 501 at the stores would be fine with a 515 at the head end; a 2600 router handles a single T1 just fine.
I'm just tossing out stuff here, but if you truly describe what you're trying to do from an information/process standpoint I can offer solutions that meet those requirements. I usually don't say "I'm going to build a WAN, now I gotta figure out ways to use it".
Are we just talking about retail POS polling here?