RE: OT:Fault tolerant CEO's home network setup.

From: MMoniz (ccie2002@tampabay.rr.com)
Date: Tue Jan 13 2004 - 22:48:40 GMT-3


I would recommend getting two (2) PIX 501s and doing an L2L connection between
them. All you have to make sure of is that the provider will pass IPSEC and
ISAKMP traffic. Let the provider provide the modem with an Ethernet handoff.

I personally would not trust "Home Based" systems for business connectivity.

Just my thoughts

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Todd Veillette
Sent: Tuesday, January 13, 2004 7:41 PM
To: Ertai Wizard; ccielab@groupstudy.com
Subject: Re: OT:Fault tolerant CEO's home network setup.

Linksys also has one that just came out that does stateful, dhcp, 8 port
10/100, etc, etc, and supports 50 IPSEC tunnels.

-TV

----- Original Message -----
From: "Ertai Wizard" <ertai_wizard@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Tuesday, January 13, 2004 6:47 PM
Subject: FW: OT:Fault tolerant CEO's home network setup.

> Try
>
> Hawking FR24 Dual WAN Broadband Router - US $65.00 retail
> Xincom Twin WAN Router (XC-DPG402) - US $200.00 retail
> Symantec Firewall/VPN200 (a.k.a. Nexland pro800Turbo) - US $900.00
> retail
> etc...
>
> In these routers, they provide NAT (or Stateful inspection in Symantec kit),
> DHCP Client IP addressing, Static Addressing, and DHCP server functionality.
>
> They provide fault tolerance; and to a limited degree, load balancing across
> both WAN connections.
>
> Anyway, ask the customer does he watch the Red Green show? Does he need
> duct tape? Eh? I hear you can duct tape two DSL/Cable modem routers and
> create a new fangled contraption that might work.
>
> :-)
>
>
>
>
> >From: "Andrew Moriarty" <amgroupstudy@hotmail.com>
> >Reply-To: "Andrew Moriarty" <amgroupstudy@hotmail.com>
> >To: ccielab@groupstudy.com
> >Subject: OT:Fault tolerant CEO's home network setup.
> >Date: Wed, 07 Jan 2004 00:53:20 -0500
> >
> >Ever have the feeling that you are missing something incredibly basic that
> >will make you look stupid later? I do right now, and I hope someone can
> >help.
> >
> >The scenario: The customer's CEO often works from home. He accesses company
> >servers in California, and he lives in Canada. Because of where he lives,
> >all he can get at his house is a relatively basic DSL from one provider,
> >and a basic cable modem setup from another. Both of these are "Home user"
> >type setups, with addresses assigned by DHCP. The DSL provider is
> >frequently down for a day or more. Problem is, that's the high speed
> >connection! The cable in this area is much slower, and not much more
> >reliable. (Don't ask me to explain why this is so - it just is! - and before
> >anyone makes any Canada jokes, yes he can get a canoe at the local
> >supermarket, all the TV networks carry hockey, and yes, there are wild elk
> >running around in the parking lot)
> >
> >The CEO has a relatively robust home network- a unix based firewall, and a
> >half dozen computers behind it.
> >
> >His goal is to have seamless fail-over, for as cheap as possible. He wants
> >to be connected in to a contact management system all day long, and not
> >worry about which ISP is up or down. In other words, he might buy a router
> >or two, but he won't upgrade his personal "Home" service to a business
> >class service. (It's not available in that area anyways)
> >
> >Each ISP provides him with a public IP address. Right now he only uses one
> >of them, and uses NAT on his unix firewall to provide internet access for
> >his six machines. He wants to add the second ISP to the configuration, to
> >provide fault tolerance.
> >
> >I've suggested buying a router and connecting it to both ISPs, and using
> >one interface as the primary and one as the backup, with static routes and
> >NAT. Cheap, simple solution. Problem is, if one ISP fails, there goes his
> >public address that the NAT is using, and he'll have to log out of his
> >contact management software, and restart his session, potentially losing
> >data. He does NOT want to do that. It's no good flipping over to the second
> >ISP/NAT connection, because then his public address will change, and his
> >session will be invalid and have to start again.
> >
> >He doesn't have any public IP addresses inside his house, can't get any
> >either with the services on offer in that area. He's not going to do
> >anything complex like run BGP etc. The ISPs won't let him anyways.
> >
> >I'm not sure I can solve his problem, but I've got a tickle in the back of
> >my mind about something, thinking I saw this somewhere before. I even got
> >out my Halabi and Doyle books and re-read some stuff.
> >
> >Does anyone have any suggestions on what to do here? Or even something to
> >research.....
> >
> >am
> >
> >_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials from:
> >http://shop.groupstudy.com
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:44 GMT-3