Adding Cisco 1720 Access Router

[twren]

Here is my company's existing configuration T1 > Cisco 1720 > Small Business Server NIC 0>
Small Business Server Nic1 > Internal Clients

Now the problem is that I have this 1000 dollar+ router and it is just serving the ip for SBS 4.5. The consulting firm that did this is huge microsoft backers and wanted to have DHCP and the firewall done on the server. I personally think that I should restore the firewall and NAT, and buy the VPN module and let the router handle the job of distributing internet resources.

Another problem is while I know how to configure and administer all this on NT, cisco is a blur. I tried reading up on Cisco's site...helpful, but confusing. If you guys could suggest a site it would be much appreciated.

 

[TheViper6]

Look for sample configs on Cisco's site, are you looking for how to setup NAT on a 1720? and IP filtering? if so, i can help you

 

[Xanathar]

Is the 1720 even your companys? Many, Many T1 contracts where a router is supplied the router is run by the T1 provider, running your own NAT/Firewall other then the router is much better then having to deal with the hassle of dealing with the provider.

2nd. DHCP is much much better on a server then a router in ease of manageability. Firewalling will definelty be easier on the NT box also.


Odds are you are using microsoft proxy, and that is your biggest complaint. Ditch the proxy (or use the Winsock proxy instead) and install a better Nat/Firewall program on the NT box.

 

[twren]

Xanathar: Yes the 1720 is our company's property. The T1 provider programmed the WAN card and basically now it is just distributing the ip address. Right now we are using DHCP and we are also using Microsoft Proxy. I have recently ordered SBS 2000, which is supposed to have a better proxy server, but I am interested in what you would recommend.
I must admit this idea is probably foolish because I just spent the last month restructuring the network and getting it to run just how I like it...unfortunately I am a constant tinkerer and I hate seeing hardware unused.

 

[Shadow07]

Good choice on ordering SBS 2000. When you get it, you will have IAS, which is a much better product than Proxy 2.0 could ever be. With IAS, you have the option of configuring it to be a proxy server, a stateful packet inspection firewal, or both. If you configure it to be both, you do loose some functionality with the Proxy service, but you cannot go wrong with it.

Let me know how you like the product when you get it in.

 

[twren]

Shadow07: I understand that SBS 2000 is going to improve these services, but wouldn't I be a bit better off with offloading the burden of Proxy, Firewall, and VPN to the router.
What I am thinking about is setting up the router to do NAT on my static ip's, use the cisco firewall, and install a vpn card in it.
Unfortunately I know little about cisco but with configmaker I have mapped out a good diagram that I would like to load. What I need to know is how to take a backup of my existing configuration on the router, so if I muff it up big time I can restore it back to normal

 

[spidey07]

Be carefull with asking a 1720 to be a firewall and VPN terminator. The 1720 is a pretty weak router in terms of processing power. I would recommend against using it as a firewall and only terminate a few VPN tunnels. Anything else will bring the router to its knees.

About the configuration:
All cisco gear uses a text based file for configuration. Hook up a console to the router and enter priveleged exec mode. just type enable and enter password. You will now have a routername# prompt. Set your terminal program to log and type "show run". This will output your running configuration. by logging to a text file you now have a copy. Erase your current config by typing "erase startup" or "write erase". this will delete the startup configuration. reset router with "reload" command and you have yourself a blank router.

good luck

ps - check router processor with "show processes cpu" command, check memory with "show mem"

<edit> - do yourself a favor and use the hardware encryption card. You will be able to handle more tunnels with that option

 

[twren]

Spidey07: I am not even going to attemp to try to code the thing through telnet. Cisco has a configmaker that is a gui and it produces the appropriate code for it. I was not aware that the 1720 was a weak router relative to my setup. I have about 30 users inside and was looking to setup 3 vpn clients. My main question is how do I backup the existing configuration I have on the vpn. I have weighed everyones advice and I am thinking about running nat though the router and purchasing the additional vpn card. I do appreciate everyones help on this issue. I must admit I do feel guilty about not answering as many questions as I should when I am reading the forums, I am just happy that there is a place where we can all exchange knowledge on our strengths and learn about our weaknesses in the computer field.

 

[spidey07]

with the VPN card three tunnels is perfectly fine. You back up your configuration with the method I described. If you need to restore the configuration take your backup text file, clear the router config and reboot, when router comes back up use your terminal program to paste the textfile.

I suggest you use get used to the basic IOS commands I described. If you need help with a command type ? EX &quot;show ip ?&quot;