Hi Amy, What you pointed out with the router making the determination of which T1 to use for sending traffic is the right idea. The physical topology isn't the critial piece, however. You can have the router have the routing tables to point to the second router (the Netgear firewall in this case). The big issue is making sure that the return routes also work properly. e.g. * Router to WAN-T1 has IP routes to all WAN & Internal IPs (and so do all the other WAN routers). * Router to WAN-T1 also has an default route (0.0.0.0/0) to the netgear for non local Ips. * All internal devices route out to the WAN-T1 router as default gateway. In most cases the above should work fine. If you draw this out and watch traffic going out and then also for coming in, you'll see that the outbound will go: host -> WAN-router -> Internet-router -> Internet The return path is: Internet -> Internet-router -> host Since the WAN-router is merely "redirecting" the internet traffic to the netgear and doesn't really impact the route, the difference in the outgoing and return paths should be irrelevant. The key is to make the network infrastructure deal with the routing. I've seen places try to place static routes on hosts and that is just such a pain to deal with! Feel free to msg me off line if you'd like further clarification. -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Saturday, December 18, 2004 8:29 AM To: [ISAserver.org Discussion List] Subject: [isalist] OT: WAN Advice http://www.ISAserver.org It's been about 8 years since I last worked in a WAN environment and about 4 since I last looked at a router and that was only to study for my little used CCNA. In small business consulting you do a lot of VPN but rarely a WAN. Rusty but ready. So here's the situation: Company has 4 offices connected to each other with T1 lines. Each office has a second T1 for Internet access. There's a Windows 2000 DC at each location. The main office is called Macomb. (starting to sound like a test question, eh?) The servers are not able to contact each other and browsing doesn't work either. Active directory is complaining as is the licensing service. Users are dropping randomly off the network. Individuals can get to the Internet sometimes, sometimes not. Workers are going around the office looking for the computer that can get to the Internet. They tell me that the network used to work when they were with XO but since they switched to LDMI they have these problems. To the users it appears to be intermittent outages; to me it appears that the routing isn't right. The T1 to the Internet is connected to a netgear firewall, then to the switch. The T1 to the Macomb office is connected to a router, then to the switch. Looks like this: T1 Macomb - Router ----------- Switch T1 Internet - Firewall They've had two other consultants in there poking around. The first guy had them buy a new firewall and switches. The second guy removed adware and junk from the PC's. Neither solved anything. Here's my thought. Back in the day we would connect a WAN like this: T1 Macomb ------------Router - Switch T1 Internet - Firewall Am I correct? Shouldn't both T1 lines connect to the router so it can make the decision whether the request is for the Internet or the WAN? Amy ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: davidh@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx