Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
275
Views
0
Helpful
3
Replies

Best device to fit for a project

James Lasky
Level 1
Level 1

‎04-01-2014 11:38 PM - edited ‎03-07-2019 06:57 PM

I'm not sure this is the right section but I try.

For a project (less than 100 branch offices and 2 Headquarters connected in an hub&spoke topology with IPSEC over MPLS among branch and HQ) I’m looking for the best device which cover the following items:

Branch:
Single device
At least two Ethernet interfaces (WAN/LAN)
Ipsec supporting 10-50-100 Mbs
Routing protocols such as BGP-OSPF
NAT
Redundant power supply (some site not but in principle I need it)

HeadQuarter:
Single device with XE intf
At least two Ethernet interfaces (WAN/LAN)
IPSEC supporting up to 7-10 Gbs of IPSEC (the sum of branches)
Routing protocols such as BGP-OSPF
NAT
Redundant power supply

Firewall is not needed, MPLS will be runned by two carrier (this is why single device, there will be two single devices (with hsrp/vrrp) per site each one connected to one MPLS carrier), IPSECs tunnels are on-top of MPLS.


I’m looking for the best solution in terms of scalability and price (very important).

I've an idea in my mind but I'd like to share your experience for the decision...

Regards

Labels:
0 Helpful
3 Replies 3

Vasilii Mikhailovskii
Level 7
Level 7

‎04-03-2014 01:19 AM

Hello.

I guess for MPLS you would use GETVPN, so ASA couldn't be an option.

For 10M, I would suggest Cisco 892 or 1921.

Up to 50M - 1941 could be fine (for asymmetrical flow), and 2921 for symmetrical;

Up to 100M - 2921/2951(for asymmetrical) and 3925 for symmetrical.

Not sure what to sugegst for HQ, but it should be anything like ASR1000-ESP20 (sure you need 2 devices for HA).

PS: why do you need NAT on MPLS?

PS2: in HQ I would suggest to split IPSec and NAT roles between different devices (ASA would be best for NAT).

0 Helpful

James Lasky
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎04-04-2014 06:10 AM

Hi Vasilii

the device will be on top of MPLS, this means there will be the CPE from the carrier and next the device I'm looking for.

Anyway I do not understand why you make differentiation from asymetrical to symmetrical, those links will be small at 10 Mbs ethernet and big up to 100 Mbs ethernet on branch.

I think 8xx and 19xx do not have redundant power supply.

NAT is not intended on MPLS as explained before MPLS is a layer down.

Thanks

0 Helpful

Vasilii Mikhailovskii
Level 7
Level 7
In response to James Lasky

‎04-05-2014 03:35 AM

Hello.

Symmeric for 10M = 10M inbound + 10M outboud = 20M overall IPSec.

Asymmetric for 10M = 10M inbound + 2M outboud = 12M overall IPSec.

PS: I would bet on 2 routers, than a single router with 2 power supplies.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card