Question : T1 Point to Point

I have just installed a point to point dedicated T1 connection between City 1 and City 2, using Cisco 1841 routers on each end. I also have a Sonicwall TZ170 on each end.
One option is to create a rule on the sonicwall directing all traffic requests for opposite end subnet traffic on each side to the other end.
I believe there is a more efficient way to exclude the Sonicwall and force the requests at the user level.
Any experienced suggestions??

Answer : T1 Point to Point

Does the Sonicwall sit between the T1/Cisco and the local LAN?  If so then you will need to keep the traffic routed through the Sonicwall.  

(City 1)---(Sonicwall)---(Cisco)---(T1)---(Cisco)---(Sonicwall)---(City 2)

If the Sonicwall and the Cisco 1841 are separate gateways then what you can do is put a static network route on each Workstation pointing to the Cisco's IP address as the Gateway for the opposite City's subnet. Below is a diagram of what it would look like; you can replace the IP addresses with what you have in your network.

                  Sonicwall
             |---(10.1.1.254)---(Internet)
 City 1      |                                                   City 2
(10.1.1.x)---|                                              |---(10.2.2.x)
             |    Cisco 1841      P-t-P       Cisco 1841    |
             |---(10.1.1.253)------(T1)------(10.2.2.253)---|


The route for the workstations at City 1 would be:
     route add 10.2.2.0 mask 255.255.255.0 10.1.1.253

There are two schools of thought on this.  Some network guys, myself included, hate having to maintain route tables on individual hosts, so I’d rather point to one gateway and put the redirect on the main gateway to direct traffic for the trusted network to the other p-t-p gateway. Then you have the network guys who, if they can avoid it, would rather not bog their firewalls down processing traffic to a trusted network.  Neither is right or wrong; each has its own merit.  Since both sides of the network are trusted, it’s a matter of preference, unless of course there is a need to maintain security even across the private dedicated link.

-Cloz
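
The two designs described in the answer, modelled as route tables so you can see which City 1 traffic the Sonicwall actually gets to inspect. This is an added example, not part of the original answer; the addresses come from the diagram, while the table contents, the `T1`/`Internet` exit labels, the sample destinations and the function names are assumptions made for illustration.

```python
import ipaddress

SONICWALL = "10.1.1.254"   # City 1 firewall / Internet gateway (from the diagram)
CISCO = "10.1.1.253"       # City 1 Cisco 1841 on the T1 (from the diagram)
LOCAL, REMOTE = "10.1.1.0/24", "10.2.2.0/24"

def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), gw) for p, gw in table]
    hits = [(n, gw) for n, gw in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(host_table, dst, devices):
    """Follow next hops from a workstation until delivery or an exit link."""
    hops, table = [], host_table
    for _ in range(8):                      # guard against routing loops
        hop = next_hop(table, dst)
        if hop is None or hop == "on-link":
            break
        hops.append(hop)
        if hop not in devices:              # exit interface (T1 / Internet)
            break
        table = devices[hop]
    return hops

def inspected(host_table, dst, devices):
    """True when the firewall is on the path, so its rules and logs apply."""
    return SONICWALL in trace(host_table, dst, devices)

# Assumed device tables for City 1.
DEVICES = {
    SONICWALL: [("0.0.0.0/0", "Internet"), (LOCAL, "on-link"), (REMOTE, CISCO)],
    CISCO: [(LOCAL, "on-link"), (REMOTE, "T1")],
}
# Design 1: static route on every workstation pointing at the Cisco.
HOST_STATIC = [("0.0.0.0/0", SONICWALL), (LOCAL, "on-link"), (REMOTE, CISCO)]
# Design 2: workstations only know the Sonicwall; it forwards to the Cisco.
HOST_DEFAULT = [("0.0.0.0/0", SONICWALL), (LOCAL, "on-link")]

if __name__ == "__main__":
    for name, table in (("static", HOST_STATIC), ("default", HOST_DEFAULT)):
        for dst in ("10.2.2.50", "198.51.100.7"):   # constructed destinations
            print(name, dst, trace(table, dst, DEVICES),
                  "inspected" if inspected(table, dst, DEVICES) else "bypasses firewall")
```

With the workstation static route, City 2 traffic never touches the Sonicwall, which is the trade-off the answer's last sentence refers to.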



