Cisco Support Community

How many functions on one router?

It would seem to be theoretically possible, but have any of you successfully tried to do all this on one router:

1) Internet connection with BGP

2) Firewalling with static and dynamic NAT

3) LAN routing for several internal subnets

4) WAN routing with EIGRP to/from a managed MPLS connection

5) configuring one subnet to behave as a DMZ

The other alternatives would be to use:

1) internet router -> PIX or ASA -> internal router


2) internet router w/firewalling/nat -> internal router

We already have a 3660 as the internal router in place at the location in question, and it is doing the LAN/MPLS routing.

So I am looking for opinions as to what the best overall hardware choice would be.

It seems at first look that if all the functions were to be combined on a single router, the config would be rather complex because of all the extra access lists and statements that would have to be added to each subinterface in order to get the firewalling and NAT to work correctly. It might be easier to accidentally break some function with everything being on one box.

Thank you for your comments.



Re: How many functions on one router?


With the inputs provided by you, you had better think of moving with the first setup mentioned in your mail.

You can use the Internet router to take care of BGP peering with the SP, and maybe you can think of going for multiple peerings for redundancy purposes.

ASA for all your firewalling and security requirements.

You can make use of the same for DMZ (zoning) for hosting your internal servers/applications.

Internal router to take care of the rest of the things mentioned.

But deciding on any platform also requires other important info, such as the routing process and other features (MPLS/Multicast, etc.) which you are going to run on the box.



Re: How many functions on one router?

Sounds like a 6509 with a SUP720BXL and a FWSM card would do the trick.
