We have 3 internet connections coming in to one of our customer's main offices for redundancy etc. I would like to replace the 3 routers with one for easier support and management. One of the connections is an ADSL and the other 2 are leased lines, so they terminate with an RJ45 connection.
Would something like a Cisco 2911 + HWIC ADSL card be sufficient enough or would you recommend something else?
An ASA is neither required nor recommended where you have a router. That is because the router can optionally be configured to be a firewall; moreover, it's much easier to configure and troubleshoot, it has many more features, and it doesn't have all the confusing licensing requirements of the ASA.
The answer depends on other factors such as the bandwidth of the links, the configuration (e.g. encryption, packet compression, ip cef enabled, access-lists, nat) etc.
You can check the product routing performance of Cisco routers at the next link
Hope that helps,
This also depends on the money that you can spend and future needs...
Definitely an ASA is preferred over a router with FWL capabilities.
This would reduce the load on your router, improve the performance and can have additional security features
The customer is now looking to get 3 leased lines; normally they provide a Cisco router with a leased line. I guess my question would then be whether they just need an ASA rather than a router?
Thank you Vasileios, but if I have 3 routers already provided by the ISP and they are Cisco 2911s, then I would need to get an ASA to do the route decisions, traffic filtering etc.?
Customer would use one line for general internet, second for site-to-site VPN and 3rd as a backup.
In this setup, and if you have to use the three routers, a solution that adds a FWL connected to the routers, which will be responsible for filtering the traffic and providing basic routing towards the 3 routers, seems OK.
Just consider, since the resilience is critical for your customer according to your post if you need to have to 2 FWLs for
This is what the customer says:
We currently have one from eclipse which is a Cisco (The same as what you quoted us for). However, we aren't allowed any management access to this, so I assume it will be the same kind of thing.
What we are generally looking for is a router that can support all 3 connections, so if a connection goes down it switches to the next one automatically.
We have had some issues here the past few days, our gateway server went down yesterday and had to be re-built, which meant we had no internet all day.
That is the reason my manager is now pushing to get things upgraded, as we cannot afford outages such as that to happen.
When you have multiple connections and want advanced routing and features, use a router, not a firewall.
And also for security, a router is as safe as a firewall is.
Many thanks for all your help guys!
I am probably going to go with 2 2911 routers with IPS modules and an ESW switch in front of them for failover between the routers. Hopefully the client can stretch his budget!
I would skip the IPS modules. They introduce a lot of complexity and cost for little or no actual benefit.
Also, having a single switch introduces a single point of failure. Just connect one or two routers to the circuits and be done.
Overengineering simple things is a major and common mistake in networking.