I am in a corporate environment with building all over the city. We have
lousy internet speed. The IT dept says that the entire city shares the same
switch and T1 line at a single location. They have also said that they are
not going to do anything about the speed issue.

My boss says that if I can find a way to use a DSL (or even a T1) line
for our plant's internet access, he will buy what ever I need to make it
happen and will also take the complaints from IT. We would still have have
to have access to the city's LAN but for web browsing we would use the DSL
line .

I can envision this being possible but at this point I'm not smart
enough to figure it out. We will have no IT support (and they will be ticked
off if I screw it up) but I have the Bosses full support (in writing no
less) to try.

I imagine that I would need another router betewwn our lan and the
corporate router. Configuration from that point would be interesting. How do
I direct intranet and shared folder requests to the city's Lan while all
other browser requests to the DSL line?

Can anyone get me started on requirements for this ? Caveats?
Thank you in advance

I doubt you have control over the DHCP server(s), so I would say no. If
enough of you complain, especially management types, the IT dept will do
something about it. It's probably low on their list and the management team
needs to move it up (if it really is a business issue and not just people
complaining that surf speeds are slow).

<churchmouse@noemail.nospam.net> wrote in message
news:uHm501UEGHA.3004@TK2MSFTNGP15.phx.gbl...
> I am in a corporate environment with building all over the city. We
have
> lousy internet speed. The IT dept says that the entire city shares the
same
> switch and T1 line at a single location. They have also said that they are
> not going to do anything about the speed issue.
>
> My boss says that if I can find a way to use a DSL (or even a T1) line
> for our plant's internet access, he will buy what ever I need to make it
> happen and will also take the complaints from IT. We would still have have
> to have access to the city's LAN but for web browsing we would use the DSL
> line .
>
> I can envision this being possible but at this point I'm not smart
> enough to figure it out. We will have no IT support (and they will be
ticked
> off if I screw it up) but I have the Bosses full support (in writing no
> less) to try.
>
> I imagine that I would need another router betewwn our lan and the
> corporate router. Configuration from that point would be interesting. How
do
> I direct intranet and shared folder requests to the city's Lan while all
> other browser requests to the DSL line?
>
> Can anyone get me started on requirements for this ? Caveats?
> Thank you in advance
>
>

The two basic options are:

1. A proxy server such as ISA running on a Windows server or a hardware
proxy device with a DSL line. Note that if you also need to access internal
web servers on the city LAN, you will need to be able to configure
rules/exceptions to reach them.

2. You could use simple routing: Connect a DSL router to a LAN port on
your existing network; give it a compatible non-conflicting IP; and
configure your local machines to use this IP as a default gateway. However,
if the city LAN comprises multiple subnets which you need to reach, you must
configure static routes to all of them on the DSL router - routes would
point to your old LAN gateway. If your DSL router did not support multiple
static routes, you could configure the routes on individual machines.
Whether or not the static route issue is significant requires more
information about the city LAN and your specific needs.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

<churchmouse@noemail.nospam.net> wrote in message
news:uHm501UEGHA.3004@TK2MSFTNGP15.phx.gbl...
> I am in a corporate environment with building all over the city. We
have
> lousy internet speed. The IT dept says that the entire city shares the
same
> switch and T1 line at a single location. They have also said that they are
> not going to do anything about the speed issue.
>
> My boss says that if I can find a way to use a DSL (or even a T1) line
> for our plant's internet access, he will buy what ever I need to make it
> happen and will also take the complaints from IT. We would still have have
> to have access to the city's LAN but for web browsing we would use the DSL
> line .
>
> I can envision this being possible but at this point I'm not smart
> enough to figure it out. We will have no IT support (and they will be
ticked
> off if I screw it up) but I have the Bosses full support (in writing no
> less) to try.
>
> I imagine that I would need another router betewwn our lan and the
> corporate router. Configuration from that point would be interesting. How
do
> I direct intranet and shared folder requests to the city's Lan while all
> other browser requests to the DSL line?
>
> Can anyone get me started on requirements for this ? Caveats?
> Thank you in advance
>
>

"Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in message
news:eDJF9OVEGHA.2040@TK2MSFTNGP14.phx.gbl...
> 2. You could use simple routing: Connect a DSL router to a LAN port on
> your existing network; give it a compatible non-conflicting IP; and
> configure your local machines to use this IP as a default gateway.
However,
> if the city LAN comprises multiple subnets which you need to reach, you
must
> configure static routes to all of them on the DSL router - routes would
> point to your old LAN gateway. If your DSL router did not support
multiple
> static routes, you could configure the routes on individual machines.
> Whether or not the static route issue is significant requires more
> information about the city LAN and your specific needs.

Hi, guys...

That is what I would suggest too,..except I would leave the existing LAN
router as the Default Gateway (requires no changes to Hosts, DHCP Scopes,
etc), then change the Default Gateway of the LAN Router to be the DSL
Device. If routing protocols are in use it will already know about the
other LAN segments and have routes to them,...if not then give it the
required static routes.

This way only one device is ever touched (the existing LAN Router) and it
prevents the LAN's Routing System from becomming dependent on a DSL Device
of which most are "home user" quality. Besides that, with multi-segment
LANS, I am always against making the "Internet Sharing Device" (whatever
that may be) from being the lynch-pin of the LAN's Routing ability. I like
to keep the LAN's routing abilty independent of anything associated with the
Internet.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

Phill's idea is indeed better - I was kind of assuming that you didn't have
access to the corporate router.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"Phillip Windell" <@.> wrote in message
news:#YAs#hVEGHA.1032@TK2MSFTNGP11.phx.gbl...
> "Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in
message
> news:eDJF9OVEGHA.2040@TK2MSFTNGP14.phx.gbl...
> > 2. You could use simple routing: Connect a DSL router to a LAN port on
> > your existing network; give it a compatible non-conflicting IP; and
> > configure your local machines to use this IP as a default gateway.
> However,
> > if the city LAN comprises multiple subnets which you need to reach, you
> must
> > configure static routes to all of them on the DSL router - routes would
> > point to your old LAN gateway. If your DSL router did not support
> multiple
> > static routes, you could configure the routes on individual machines.
> > Whether or not the static route issue is significant requires more
> > information about the city LAN and your specific needs.
>
> Hi, guys...
>
> That is what I would suggest too,..except I would leave the existing LAN
> router as the Default Gateway (requires no changes to Hosts, DHCP Scopes,
> etc), then change the Default Gateway of the LAN Router to be the DSL
> Device. If routing protocols are in use it will already know about the
> other LAN segments and have routes to them,...if not then give it the
> required static routes.
>
> This way only one device is ever touched (the existing LAN Router) and it
> prevents the LAN's Routing System from becomming dependent on a DSL Device
> of which most are "home user" quality. Besides that, with multi-segment
> LANS, I am always against making the "Internet Sharing Device" (whatever
> that may be) from being the lynch-pin of the LAN's Routing ability. I like
> to keep the LAN's routing abilty independent of anything associated with
the
> Internet.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
>
http://www.microsoft.com/technet/pro...gisaserver.msp
x
> -----------------------------------------------------
>
>
>

"Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in message
news:uC4IsmVEGHA.3868@TK2MSFTNGP09.phx.gbl...
> Phill's idea is indeed better - I was kind of assuming that you didn't
have
> access to the corporate router.

Configuring it may not be for the timid either. It will have to be up to
them to decide which way to go,...I'll just thought I'd toss in the idea.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

<churchmouse@noemail.nospam.net> wrote in message
news:uHm501UEGHA.3004@TK2MSFTNGP15.phx.gbl...
> I am in a corporate environment with building all over the city. We
> have lousy internet speed. The IT dept says that the entire city shares
> the same switch and T1 line at a single location. They have also said that
> they are not going to do anything about the speed issue.
>
> My boss says that if I can find a way to use a DSL (or even a T1) line
> for our plant's internet access, he will buy what ever I need to make it
> happen and will also take the complaints from IT. We would still have have
> to have access to the city's LAN but for web browsing we would use the DSL
> line .
>
> I can envision this being possible but at this point I'm not smart
> enough to figure it out. We will have no IT support (and they will be
> ticked off if I screw it up) but I have the Bosses full support (in
> writing no less) to try.
>
> I imagine that I would need another router betewwn our lan and the
> corporate router. Configuration from that point would be interesting. How
> do I direct intranet and shared folder requests to the city's Lan while
> all other browser requests to the DSL line?


Did you or your boss actually read the terms of service for the contract
between you and them? The "city's LAN" may not permit you to subvert
security of their network by installing "backdoors" that allow viruses and
other malware to get into the network at points within the network that are
after any protections they have implemented in their LAN. It is *their* LAN
to which you *subscribe*. I'm sure there would be no problem if you
disconnect from their LAN and use your own.

--
__________________________________________________ _____
** Post replies to the newsgroup. Share with others. **
For e-mail, remove "NIX" and append "#VC811" to Subject.
__________________________________________________ _____

Thanks folks,
You are correct in that I wouldn't have access to the lan router. It
would probably be possible to get IT to make a config change but we would
rather just do it ourselves. I imagine that they will have a fit once they
find out anyway but something has to change. This might be the catalyst.
I didn't consider the DHCP aspect, but we could static all the machines
we have easily enough. I prefer that anyway so I can sniff out problems
without chasing mac addresses.
I'm not familar with static routes. I have seen the entry for them but
never had a need, can you give me a cliff notes version of how to use them?
We also use Exchange server and domain logons that woul dhave to be
validated through the central server. How much does that complicate things?
Perhaps a proxy (ISA) is the answer for browsing?



"Phillip Windell" <@.> wrote in message
news:%23YAs%23hVEGHA.1032@TK2MSFTNGP11.phx.gbl...
> "Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in
> message
> news:eDJF9OVEGHA.2040@TK2MSFTNGP14.phx.gbl...
>> 2. You could use simple routing: Connect a DSL router to a LAN port on
>> your existing network; give it a compatible non-conflicting IP; and
>> configure your local machines to use this IP as a default gateway.
> However,
>> if the city LAN comprises multiple subnets which you need to reach, you
> must
>> configure static routes to all of them on the DSL router - routes would
>> point to your old LAN gateway. If your DSL router did not support
> multiple
>> static routes, you could configure the routes on individual machines.
>> Whether or not the static route issue is significant requires more
>> information about the city LAN and your specific needs.
>
> Hi, guys...
>
> That is what I would suggest too,..except I would leave the existing LAN
> router as the Default Gateway (requires no changes to Hosts, DHCP Scopes,
> etc), then change the Default Gateway of the LAN Router to be the DSL
> Device. If routing protocols are in use it will already know about the
> other LAN segments and have routes to them,...if not then give it the
> required static routes.
>
> This way only one device is ever touched (the existing LAN Router) and it
> prevents the LAN's Routing System from becomming dependent on a DSL Device
> of which most are "home user" quality. Besides that, with multi-segment
> LANS, I am always against making the "Internet Sharing Device" (whatever
> that may be) from being the lynch-pin of the LAN's Routing ability. I like
> to keep the LAN's routing abilty independent of anything associated with
> the
> Internet.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>

The way you configure static routes on a router, as distinguished from a
Windows computer, is product specific. As an example, a low end router such
as Linksys BEFSR11 claims to support 20 static routes and the manual
explains how to configure them;

http://www.linksys.com/servlet/Satel...yout&packedarg
s=c%3DL_Product_C2%26cid%3D1115416832017&pagename= Linksys%2FCommon%2FVisitor
Wrapper

The first thing you need to do is determine whether this is a significant
issue - how many subnets are on this network and how many do you really need
to access. Possibly you could use dynamic routing, but this is probably not
a good idea in this scenario.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

<churchmouse@noemail.nospam.net> wrote in message
news:OPSOy9WEGHA.1584@TK2MSFTNGP10.phx.gbl...
> Thanks folks,
> You are correct in that I wouldn't have access to the lan router. It
> would probably be possible to get IT to make a config change but we would
> rather just do it ourselves. I imagine that they will have a fit once they
> find out anyway but something has to change. This might be the catalyst.
> I didn't consider the DHCP aspect, but we could static all the
machines
> we have easily enough. I prefer that anyway so I can sniff out problems
> without chasing mac addresses.
> I'm not familar with static routes. I have seen the entry for them but
> never had a need, can you give me a cliff notes version of how to use
them?
> We also use Exchange server and domain logons that woul dhave to be
> validated through the central server. How much does that complicate
things?
> Perhaps a proxy (ISA) is the answer for browsing?
>
>
>
> "Phillip Windell" <@.> wrote in message
> news:%23YAs%23hVEGHA.1032@TK2MSFTNGP11.phx.gbl...
> > "Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in
> > message
> > news:eDJF9OVEGHA.2040@TK2MSFTNGP14.phx.gbl...
> >> 2. You could use simple routing: Connect a DSL router to a LAN port
on
> >> your existing network; give it a compatible non-conflicting IP; and
> >> configure your local machines to use this IP as a default gateway.
> > However,
> >> if the city LAN comprises multiple subnets which you need to reach, you
> > must
> >> configure static routes to all of them on the DSL router - routes would
> >> point to your old LAN gateway. If your DSL router did not support
> > multiple
> >> static routes, you could configure the routes on individual machines.
> >> Whether or not the static route issue is significant requires more
> >> information about the city LAN and your specific needs.
> >
> > Hi, guys...
> >
> > That is what I would suggest too,..except I would leave the existing LAN
> > router as the Default Gateway (requires no changes to Hosts, DHCP
Scopes,
> > etc), then change the Default Gateway of the LAN Router to be the DSL
> > Device. If routing protocols are in use it will already know about the
> > other LAN segments and have routes to them,...if not then give it the
> > required static routes.
> >
> > This way only one device is ever touched (the existing LAN Router) and
it
> > prevents the LAN's Routing System from becomming dependent on a DSL
Device
> > of which most are "home user" quality. Besides that, with multi-segment
> > LANS, I am always against making the "Internet Sharing Device" (whatever
> > that may be) from being the lynch-pin of the LAN's Routing ability. I
like
> > to keep the LAN's routing abilty independent of anything associated with
> > the
> > Internet.
> >
> > --
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> > -----------------------------------------------------
> > Understanding the ISA 2004 Access Rule Processing
> > http://www.isaserver.org/articles/IS...cessRules.html
> >
> > Microsoft Internet Security & Acceleration Server: Guidance
> > http://www.microsoft.com/isaserver/t...dance/2004.asp
> > http://www.microsoft.com/isaserver/t...dance/2000.asp
> >
> > Microsoft Internet Security & Acceleration Server: Partners
> > http://www.microsoft.com/isaserver/partners/default.asp
> >
> > Deployment Guidelines for ISA Server 2004 Enterprise Edition
> >
http://www.microsoft.com/technet/pro...gisaserver.msp
x
> > -----------------------------------------------------
> >
> >
> >
>
>

Talk to your IT folks. In most orgs, and yours sounds like a large one,
somebody installing a rogue device, ESPECIALLY a router to the internet,
You could find yourself unemployed so fast you'll have no idea what hit
you. Think about it, would you install a new door in your company's
building?

"Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in
news:OE#NsNYEGHA.740@TK2MSFTNGP12.phx.gbl:

> The way you configure static routes on a router, as distinguished from
> a Windows computer, is product specific. As an example, a low end
> router such as Linksys BEFSR11 claims to support 20 static routes and
> the manual explains how to configure them;
>
> http://www.linksys.com/servlet/Satel...%2FLayout&pack
> edarg
> s=c%3DL_Product_C2%26cid%3D1115416832017&pagename= Linksys%2FCommon%2FVi
> sitor Wrapper
>
> The first thing you need to do is determine whether this is a
> significant issue - how many subnets are on this network and how many
> do you really need to access. Possibly you could use dynamic routing,
> but this is probably not a good idea in this scenario.
>
> Doug Sherman
> MCSE, MCSA, MCP+I, MVP
>
> <churchmouse@noemail.nospam.net> wrote in message
> news:OPSOy9WEGHA.1584@TK2MSFTNGP10.phx.gbl...
>> Thanks folks,
>> You are correct in that I wouldn't have access to the lan router.
>> It
>> would probably be possible to get IT to make a config change but we
>> would rather just do it ourselves. I imagine that they will have a
>> fit once they find out anyway but something has to change. This might
>> be the catalyst.
>> I didn't consider the DHCP aspect, but we could static all the
> machines
>> we have easily enough. I prefer that anyway so I can sniff out
>> problems without chasing mac addresses.
>> I'm not familar with static routes. I have seen the entry for
>> them but
>> never had a need, can you give me a cliff notes version of how to use
> them?
>> We also use Exchange server and domain logons that woul dhave to
>> be
>> validated through the central server. How much does that complicate
> things?
>> Perhaps a proxy (ISA) is the answer for browsing?
>>
>>
>>
>> "Phillip Windell" <@.> wrote in message
>> news:%23YAs%23hVEGHA.1032@TK2MSFTNGP11.phx.gbl...
>> > "Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in
>> > message
>> > news:eDJF9OVEGHA.2040@TK2MSFTNGP14.phx.gbl...
>> >> 2. You could use simple routing: Connect a DSL router to a LAN
>> >> port
> on
>> >> your existing network; give it a compatible non-conflicting IP;
>> >> and configure your local machines to use this IP as a default
>> >> gateway.
>> > However,
>> >> if the city LAN comprises multiple subnets which you need to
>> >> reach, you
>> > must
>> >> configure static routes to all of them on the DSL router - routes
>> >> would point to your old LAN gateway. If your DSL router did not
>> >> support
>> > multiple
>> >> static routes, you could configure the routes on individual
>> >> machines. Whether or not the static route issue is significant
>> >> requires more information about the city LAN and your specific
>> >> needs.
>> >
>> > Hi, guys...
>> >
>> > That is what I would suggest too,..except I would leave the
>> > existing LAN router as the Default Gateway (requires no changes to
>> > Hosts, DHCP
> Scopes,
>> > etc), then change the Default Gateway of the LAN Router to be the
>> > DSL Device. If routing protocols are in use it will already know
>> > about the other LAN segments and have routes to them,...if not then
>> > give it the required static routes.
>> >
>> > This way only one device is ever touched (the existing LAN Router)
>> > and
> it
>> > prevents the LAN's Routing System from becomming dependent on a DSL
> Device
>> > of which most are "home user" quality. Besides that, with
>> > multi-segment LANS, I am always against making the "Internet
>> > Sharing Device" (whatever that may be) from being the lynch-pin of
>> > the LAN's Routing ability. I
> like
>> > to keep the LAN's routing abilty independent of anything associated
>> > with the
>> > Internet.
>> >
>> > --
>> > Phillip Windell [MCP, MVP, CCNA]
>> > www.wandtv.com
>> > -----------------------------------------------------
>> > Understanding the ISA 2004 Access Rule Processing
>> > http://www.isaserver.org/articles/IS...cessRules.html
>> >
>> > Microsoft Internet Security & Acceleration Server: Guidance
>> > http://www.microsoft.com/isaserver/t...dance/2004.asp
>> > http://www.microsoft.com/isaserver/t...dance/2000.asp
>> >
>> > Microsoft Internet Security & Acceleration Server: Partners
>> > http://www.microsoft.com/isaserver/partners/default.asp
>> >
>> > Deployment Guidelines for ISA Server 2004 Enterprise Edition
>> >
> http://www.microsoft.com/technet/pro...loy/dgisaserve
> r.msp x
>> > -----------------------------------------------------
>> >
>> >
>> >
>>
>>
>
>
>