Router/firewall and p2p traffic

Unanswered Question

Hi!

I need to use a firewall in order to protect a public network for accessing Internet. In my network, I have around 100-200 users and I want to allow them to use p2p software (like emule) although I would like to limit the bandwith and number of sessions of those connections. I know I can do it with an ASA firewall, and the number of simultaneous connections supported (that is one of the major problems with emule-like apps) is very high. I would like to use also the system to give VoIP capabilities to some of the users (less than 20) so I'm thinking of using a 2800 router instead of an ASA firewall.

The problem I have is that I'm not able to find the number os simultaneous connections supported by the diferent 2800 models, and I would not like to use a router that could be overloaded because of p2p traffic.

Can I use a 2800 router for this situation or do I need an ASA firewall?

Thank you for your help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
zulqurnain Fri, 02/09/2007 - 03:01

hello,

as for the solution you are trying to implement and looking at the number of users, also you are looking forward to protect your internal network from public network. i would really suggest going for ASA 5500 series but you can always choose the best model which fits your needs.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

also, i know later you would be needing alot more from your investment e.g anti-x, greater filtering capabilities, blocking application and IPS system

HTH, PRI

zulgurnain,

Thanks for your answer. I know that a good solution is to use ASA5500, but I would like to use the same equipment to give VoIP, so I prefer to use a 2800 router. It's not in my plans to use the firewall as anti-x, so I think I can use the embedded IOS firewall.

The network is not vey big and is not going to grow very much. It is a small WiFi network and not all the users are going to use p2p applications.

What I would like to know is the number of maximum connections supported by the different 2800 models, or whether any of you have use this router in a similar situation without problems.

Regards,

Mario.

zulqurnain Fri, 02/09/2007 - 08:13

hello,

i got your point, we are currently using a cisco 2851 router which is connecting our branches core network over MPLS cloud, ve'ing Tunneling with esp-3des encryption and 've not seens any problem in there.

now could you tell me when you said that you want to know the number of maxium connections supported, what are you actually referrening to?

because what your senario is at the moment i believe a cisco 1841 series router will do just as good. but you can see the different model camparsion on the link below

http://www.cisco.com/en/US/products/ps5854/prod_models_home.html

HTH, PRI

hi,

I want to know the number of connections because edonkey-like applications opens a very large number of simultaneous connections at the same time. As I want my users to use those p2p applications I would like not to overload the router.

i.e. I'm using now a small firewall that supports 2.000 simultaneous connections and as soon as some of the users starts using the emule/edonkey, the firewall crash. Is not a problem of bandwith, but of number of simultaneous connections.

For the ASA5500 family is easy to know the number of connections (you can see at http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html) but I'm not able to find this information for router family.

I only want to be sure that my router is not going to crash when my users will be using p2p applications.

zulqurnain Fri, 02/09/2007 - 12:03

hello,

well, how ASA series handles and builds up connections is different from 2800 series routers, this you have to understand before comparing both products.

anyways, since 2800 series are services integrated routers, 2800 series products having Cisco IOS router running Cisco IOS firewall has throughput 455Mpbs almost equal to ASA 5520 450Mbps,

i believe links below will answer your question more clearly.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheet09186a00801daa53.html

HTH, PRI

Actions

This Discussion