What's the best ? within ISR's ?

Unanswered Question
Jun 1st, 2008

Hi,

i'd like to be able to have 2 box to load balance 2 isp (i know 1812 , for example, can load balance 2 isp with 2 interface but if the box crash, then no more link) so ... i'll explain the whole thing :p

I'd like to be able to have :

2 boxes for redundancy, loadbalancing of 2 isp (dsl, cable, blr, (...) )

url filtering,

wifi,

nac,

firewall

vpn

which of the ISR's suits the most and with which modules (hwic) if necessary ?

thanks for your feedback :)

is this possible to have the box acting as "switches" too and have (for example) 24 or 48 ports on them ? :)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
spremkumar Sun, 06/01/2008 - 01:56

Hi

You need to provide more details like the internet bandwidth required for your location,interfaces required out there to terminate the internet connectivity, concurrent users/sessions which is required to decide the router model which can be a best bet for your requirement.

You can also make use of ESW(Ethernet Switch Model) in place of a external switch.

Based on your requiremend for 24 or 48 ports you may look at Cisco 2800 ISR series boxes which are inline to your lan port requirement.

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/ps5882/product_data_sheet0900aecd8016fa68_ps5854_Products_Data_Sheet.html

regds

vianney.assofi Sun, 06/01/2008 - 02:11

hi,

Thanks for that fast answer ...

i was at first considering 1812 routers for

VLAN, WIFI, DUAL WAN (and/or GLBP ? i think it works with thoses routers) FIREWALL

but then the "switching module and the url filtering thing cames up to the surface" ...

so i seen that with 18xx router you can use "external url filtering" and i could use another box for switching but i thought if i can use only 2 boxes on external sites it would be better for maintening equipements...

and i read that 28xx could have switching ports (24/48)..

as for the "more details"

you need to imagine a HQ with up to 150/200 users (which will use "catalysts switchs" and have the ISR only to get out to internet

and several 'external' smaller sites (Less than 20 users in each) which will have to be connected thru VPNs to the HQ.

each external site will have 1 ADSL link and 'may have 2 links', some sites will need to have the highest reliability for continuity of service...

thus 1 box with dual wan would work but 2 boxes with GLBP seems greater (? am i wrong ?)..

the DSL links are "standard" (up to 20Mb down, and up to 2Mb up)

now switching stuff could allow to only have 2 equipements (redundancy) on the remote sites which will act as "router/switch/firewall/wifi/nac/loadbalancer/and url filtering" (as there are not many users there i assume the load will be supported rather good (any return of experience on this is welcome :) )

so, since the url filtering and switch came up .. i turned to check 2800 as you say just above... but i need to be sure 'what' modules provide all services to be sure they all can fit in a single equipement together... :p

thanks for more informations ...

regards

V.

spremkumar Sun, 06/01/2008 - 06:42

Hi

if you are considering the devices for your hub site i would suggest to have independent device to take care of WAN/LAN/Security(Firewalling),VPN and URL Filtering.

AFAIK for url filtering u can make use of software like websense to take care of it.

For maintaining the VPN connections from the remote locations/branches and to take care of security part of the hub locations you need to have a firewall.

The link which i have posted in my earlier post contains the modules supported by cisco 2800 series router.

regds

spremkumar Sun, 06/01/2008 - 06:43

Hi

if you are considering the devices for your hub site i would suggest to have independent device to take care of WAN/LAN/Security(Firewalling),VPN and URL Filtering.

AFAIK for url filtering u can make use of software like websense to take care of it.

For maintaining the VPN connections from the remote locations/branches and to take care of security part of the hub locations you need to have a firewall.

The link which i have posted in my earlier post contains the modules supported by cisco 2800 series router.

regds

vianney.assofi Sun, 06/01/2008 - 07:52

the idea is to reduce the number of units..

on the "remote sites" the 1812 wouldn't be ok ?

it is supposed to have the VPN and Firewall integrated in the single unit ?

http://www.cisco.com/en/US/products/ps6183/index.html

The Cisco 1812 Integrated Services Router provides:

Secure broadband access with concurrent services for branch and small offices

Integrated ISDN Basic Rate Interface (BRI), analog modem, or Ethernet backup port for redundant WAN links and load balancing

LAN Switching with optional inline POE

Secure wireless LAN for simultaneous 802.11a and 802.11b/g operation with use of multiple antennas

Advanced security including:

Stateful Inspection Firewall

IP Security (IPSec) VPNs (Triple Data Encryption Standard [3DES] or Advanced Encryption Standard [AES])

Dynamic Multipoint VPN (DMVPN) and Easy VPN

Intrusion Prevention System (IPS)

Antivirus support through Network Admission Control (NAC) and enforcement of secure access policies

i thought it would mean it's usable to work for everything on small sites (of course you'll still need "switching" inside the lan but well :) )

spremkumar Sun, 06/01/2008 - 22:24

Hi

In my last post i was referring to the hardware requirements keeping your hub site in mind.

I totally agree for the remote location for the sake of easy manageability you can have most of the features in a single box provided its sized properly to avoid any kinda overloading which will inturn affect the network performance.

i would suggest you to create requirement sheet plotting all the required features in a sheet as against to the hardware available.

by doing so i m sure that you will come to a conclusion on the most appropiate hardware which can fullfill most of your requirement.

cisco 1812 is a fixed model router in which you wont be able to add any interface/module when you require the same in near future.

these are the kinda points we need to consider while deciding upon a device for our network.

regds

Actions

This Discussion