Router can do all? ssl/firewall/vpn/switchports/wireless

Unanswered Question
May 7th, 2007

Is there a 2800 series or another series that will work for a small office? Looking for a router "all in one" type solution.

Basically, have an office that I want to have the following:

- SSL VPN (clientless if possible through the web login)

- Wireless in the office

- 4-10 switchports off the router for LAN

- Firewall (connect DSL/T1 to it)

Thanks much!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Paolo Bevilacqua Mon, 05/07/2007 - 12:21

Yes, the smaller would an 877 (ADSL only), or either a 1800 with wireless can do that.

If you want to with the 2801 (more expensive) the wireless module takes one slot, and the switch one or two depending if it is the 4 or the 9 ports. So you have one slot left for ADSL or T1. The switch ports optionally come with PoE so you can connect phones if you want.

The part to verify about your requirement is the SSL VPN, also called EasyVPN, that works downloading an active-x control to the PC, at that point within this control you will be able to access a remote desktop over an encrypted tunnel. The alternative is the classic VPN client over IPSec that will allow make the remote PC be part of the LAN, to summarize.

Hope this helps, please rate post if it does!

Tommer Catlin Mon, 05/07/2007 - 12:31

It does help. But what I dont get with the "adsl" connection is that why cant these just be 10/100 ports for the WAN connetion. I would normally have DSL modem or a router supplied from the vendor. Then I would just directly into the router WAN interface.

So EasyVPN is basically SSL vpn. Im not a huge fan of IPSEC because it does not work everywhere behindd firewalls at clients sites. These people just need to SSL into HQ, connect to a server, transfer files, etc.

Paolo Bevilacqua Mon, 05/07/2007 - 12:47


the main reason you want ADSL/T1 terminated in your own quality router, is:

1: your own NAT management - that addresses directly your comment about VPN above.

2: QoS (at least in the upstream direction)

3: direct management of the circuit.

If you don't care about that, an ethernet broadband router connected to ISP supplied device will do fine.

I don't know much about EasyVPN, but I would try throughfully it before going with it as a solution. For example, check what are the methods for file copying, because the OS native ones are not said to work (from what I understand). Think about, more in the philosophy of supporting a thin-client, rather than allowing remote access to a LAN.

Does it helps? If so please rate post using the scrollbox below!

Tommer Catlin Mon, 05/07/2007 - 12:50

Well, I was trying to compare is smb type solution for SSL to products like the F5 and aventail setup. Does Cisco have one?

Paolo Bevilacqua Mon, 05/07/2007 - 12:59

I'm not familiar with other vendors solution but Cisco scalability is as follows:

* Cisco 870, 2 users

* Cisco 1811, 10 users

* Cisco 1841 and Cisco 2801, 25 users

* Cisco 2811 and Cisco 2821, 50 users

* Cisco 2851, 75 users

* Cisco 3725 and Cisco 3745, 75 users

* Cisco 3825 and 3845, 100 users

* Cisco 7200 and Cisco 7301, 150 users

(I'm not sure if these numbers include the hardware-acclerated support coming in the form of an AIM for the ISR routers.)

From this document:

As a courtesy to those providing answers, please rate posts using the scrollbox below!


This Discussion