Enterprise level router

[Skunk]

HI there. Im looking for a recommendation for an enterprise level router. The only real requirement is that it have the capability to forward smtp traffic to two internal mail servers based on wan ip. Im currently looking at the cisco 1721 model. It appears to do what we need but as im completely inexperienced with cisco im a little wary of jumping in over my head. Are they that difficult to setup and configure?

Any recommendations on other routers?

 

[beatmix01]

If you are not familiar with cisco's command line interface then yes. However, once you learn the commands and understand the the IOS you can get by. Pick up a book thats what I am doing.

 

[Goosemaster]

Originally posted by: beatmix01
If you are not familiar with cisco's command line interface then yes. However, once you learn the commands and understand the the IOS you can get by. Pick up a book thats what I am doing.

Umm, I'll give you advice, but keep in mind that I am a student currently in semester 4 of 4 of the CCNA program(actually a telecommunications class at the univ but whatever) :

I REALLY REALLY recommend that you take a simultaneous book and application approach. memorization is one thing, but understanding concepts is not only more effective, but much also much more practical.

Instead of inputing step by step commands, it would more effective to approach the CLI via a task-based logical mentality...

I want to configure an interface so I type "configure terminal" to go into the gobal configuration mode, and then type the name of the interface because I want to configure something specific to it: "interface x0" . Then I type the IP address and the subnet mask once the prompt says config-if.

instead of

Configure interface e0 by going into the appropriate interface and setting the IP address, subnet mask, and bringing the interface up.

 

[beatmix01]

if you want to get a feel of what the CLI is like, check out boson router simulator

Text

 

[Garion]

This is all good advice, but I think you need to step back a bit and give us more background.

You say forward mail to two SMTP servers based on WAN IP - Does that mean you'll have two WAN circuits coming into the outside of the router, or does that mean that you're going to have to remote IP addresses across the WAN through the same connection and want each of them to be routed to a separate SMTP server?

Next, and most importantly... When most SOHO users think of a "router" they think of a Linksys, D-Link, etc. Technically, these *are* routers, but they are designed for a whole different world than a real enterprise router. SOHO routers combine a lot of features together and wrap them all up in a pretty little package. Firewalls, NATs, port forwarding, etc. Something like a 1700 is very, very different. It has a lot more capabilities and is designed for something very different. Yes, it can DO most of what you're looking for, but it's going to be a real pain and cost you big $$$, especially when you add on the firewall feature set to a already expensive router.

There's probably some other solutions - For example, you can probably send ALL the SMTP traffic to a single server, then write some rules to route it appropriately. You could also build a Sendmail box that just routes mail - Send all WAN mail to the sendmail box and write some configs on it to route traffic to your other two SMTP servers based on whatever rules you require.

So, give us a bit more info and we'll be able to better tell you how to most efficiently achieve your goals.

- G

 

[Skunk]

Originally posted by: Garion


You say forward mail to two SMTP servers based on WAN IP - Does that mean you'll have two WAN circuits coming into the outside of the router, or does that mean that you're going to have to remote IP addresses across the WAN through the same connection and want each of them to be routed to a separate SMTP server?


- G

Thanks for the info ill try to clarify a bit more.

We currently have 5 external addresses available to us through our provider. We will have two exchange servers internally. The router needs to have two external wan ports for different ips. Both wan ports need to be bound to smtp; routing the smtp traffic on a specific wan port to the proper server.

The 1721 has a fairly intiuitive GUI that i can manage most of the tasks i need to up front while learning the more complex CLI interface.

Im not limiting myself to this model. If there are suggestions for other makes or models, I'd be more than interested in hearing of them.

 

[Goosemaster]

Well if my memory serves me correctly, create a pool of the available addresses and have them assigned over just one WAN link using NAT. Then all you have to do is create the appropriate routes and route the approprate ports.

What kind of wan connection do you have such as a leased line or frame relay?

 

[spidey07]

why would it need two wan ports? Do you have two separate internet circuits?

what are the incoming WAN circuits and what kind are they?

 

[Skunk]

Its a burstable t1 over wireless. We are currently using a contivity 100 that can create aliases over a single wan port and do exactly that. Unfortunately it needs replacing and we require a new solution. So im guessing the cisco 1721 will fullfill our needs but im going to have to take a crash course on cisco routers(ive got less than a month to get this implemented and working).

Are there any other routers that will do this? It has to be done quickly and im not sure a month is enough time for me to learn how to get the 1721 configured properly for daily operation.

 

[spidey07]

Originally posted by: Skunk
Its a burstable t1 over wireless. We are currently using a contivity 100 that can create aliases over a single wan port and do exactly that. Unfortunately it needs replacing and we require a new solution. So im guessing the cisco 1721 will fullfill our needs but im going to have to take a crash course on cisco routers(ive got less than a month to get this implemented and working).

Are there any other routers that will do this? It has to be done quickly and im not sure a month is enough time for me to learn how to get the 1721 configured properly for daily operation.

I'm confused....wireless T1? Is it wireless or a T1? What gear do you have to receive the service? An access point?

Sounds like you need a firewall and not a router.

 

[Boscoh]

I'm guessing the sales people just termed it a "wireless T1" to denote the speed being 1.5mbps.

Just get you a good firewall. PIX 501 or 506e will work nicely. If you need a DMZ look at the 515e.

Netscreen makes some good firewalls too. The 5 series (they have all kinds of alphabetical designations behind the "5") are pretty good little units.

Either one of those units will do what you want, and you'll get a good stateful packet-inspection firewall without having to pay for the firewall IOS feature-set. It'll probably be less expensive than a 1721 too, depending on which model firewall you choose.

Both have good GUI's.

 

[Garion]

Yup, a good firewall is the way to go. Routers are really designed to move packets between subnets. Some have rudimentary firewalls, but they really don't do that very well. What you really need is a firewall, as others have mentioned.

Not sure exactly which will do what you need - I'd read up on the Cisco PIX, the Netscreen (now Juniper) and perhaps some of the SonicWall gear.

- G

 

[Skunk]

Ok im a complete retard We are using a relay for antispam that will handle multiple internal domains. Smtp can be routed there and forwarded to all the correct servers. Can't believe i missed the obvious one.

Thanks for all the help and suggestions.