Results 1 to 21 of 21
  1. #1

    Help choosing corporate 1RU Router

    Hello,

    I'm looking for a 1-rack router for my company.

    Our mandatory requirements are:
    - Hardware replacement in the next business day (NBD) - Service could be included or extra
    - VPN support (IPsec/L2TP)
    - Dual-WAN (for future fail-over implementation).

    Some nice features
    - Gigabit switch included (so we can spare and avoid to buy a switch for the rack).
    - LDAP authentication (So VPN users can login with their email login)
    - Good documentation and Support available in the internet!

    We had an ZyWall USG 300 with 2 months but it got bricked, they didn't provide us a replacement hardware and we sent to the support and went back not entirely repaired. So we're want to change to another (apparently) more reliable brand.

    I'm thinking of SonicWall NSA 240 but I never heard about any user experience with it!


    By the way... our budget: no more than $1500

  2. #2
    Is there also any recommended website that I can read corporate router reviews?

  3. #3
    Join Date
    Dec 2007
    Posts
    64
    I would stick to a Cisco ASA for what you need.

    If you get two of them you can set them up in A/A or A/S failover(depending on the license).

    I don't know if you'll be able to find a 'router' with full a gigabit switch on it for your budget that fits your needs.

  4. #4
    Quote Originally Posted by mchristen85 View Post
    I would stick to a Cisco ASA for what you need.

    If you get two of them you can set them up in A/A or A/S failover(depending on the license).

    I don't know if you'll be able to find a 'router' with full a gigabit switch on it for your budget that fits your needs.
    I didn't know about this Cisco ASA family. The big difference from 1800 or 2800 series is that ASA is a security appliance ?

  5. #5
    Join Date
    Dec 2007
    Posts
    64
    Correct, the ASA's provide L3 functionality with NAT and ACL's as well as being a robust firewall and VPN endpoint.

    What kind of WAN connection are you working with?

    For example I have an ASA 5505 hooked into two different cable connections from different ISPs for WAN failover and on the inside it protects 8 different VLANs with firewalls.

    The 5505 comes with an integrated 8 port 100mbps switch with 2 enabled for PoE.

  6. #6
    Quote Originally Posted by mchristen85 View Post
    Correct, the ASA's provide L3 functionality with NAT and ACL's as well as being a robust firewall and VPN endpoint.

    What kind of WAN connection are you working with?

    For example I have an ASA 5505 hooked into two different cable connections from different ISPs for WAN failover and on the inside it protects 8 different VLANs with firewalls.

    The 5505 comes with an integrated 8 port 100mbps switch with 2 enabled for PoE.
    For now we have only 1 WAN (with corporate aDSL), but our plan is to contract a second server for fail-over.

    ASA 5510 seems be attractive!

  7. #7
    Join Date
    Dec 2007
    Posts
    64
    Quote Originally Posted by andretenreiro View Post
    For now we have only 1 WAN (with corporate aDSL), but our plan is to contract a second server for fail-over.

    ASA 5510 seems be attractive!
    How many clients in your office do you have? The 5505 can do up to 150mbps through the firewall, should be plenty of power for a small office.

    What about VPN access, how many clients?

  8. #8
    Quote Originally Posted by mchristen85 View Post
    How many clients in your office do you have? The 5505 can do up to 150mbps through the firewall, should be plenty of power for a small office.

    What about VPN access, how many clients?
    With the sum of our branches, we're more or less 30 people.

    Our services are: Email server, web server, application license server, intranet, Subversion/SVN repository (this required GigE for sure) and other stuff.

  9. #9
    Join Date
    Dec 2007
    Posts
    64
    I don't see why a L2 managed gigabit switch that supports VLANs and trunking wouldn't work with the ASA 5505 in your situation.

    I run more clients through our 5505 than you have + 3-4 'always on' IPSEC VPNs with every device except for our WAP + VOIP phones are running gigabit.

  10. #10
    Quote Originally Posted by mchristen85 View Post
    I don't see why a L2 managed gigabit switch that supports VLANs and trunking wouldn't work with the ASA 5505 in your situation.

    I run more clients through our 5505 than you have + 3-4 'always on' IPSEC VPNs with every device except for our WAP + VOIP phones are running gigabit.
    Is the 5505 easy to configure? I have a few (not much) experience with Cisco 2800.

  11. #11
    Join Date
    Dec 2007
    Posts
    64
    Quote Originally Posted by andretenreiro View Post
    Is the 5505 easy to configure? I have a few (not much) experience with Cisco 2800.
    You can use the GUI ASDM interface to configure just about everything you need.

    IIRC the only time I've needed to jump to the console was to setup a port mirror to monitor network traffic.

  12. #12
    Quote Originally Posted by mchristen85 View Post
    You can use the GUI ASDM interface to configure just about everything you need.

    IIRC the only time I've needed to jump to the console was to setup a port mirror to monitor network traffic.
    5505 seems cool, It would be nicer if it was rackmount type

    What servers/services are you using with your 5505?

  13. #13
    Join Date
    Dec 2007
    Posts
    64
    Quote Originally Posted by andretenreiro View Post
    5505 seems cool, It would be nicer if it was rackmount type

    What servers/services are you using with your 5505?
    You can buy a rackmount for it for $50 IIRC.

    HTTPS/SSH/POP/IMAP/SVN/FTP plus some proprietary software....

    It really doesn't matter what services you run, the ASA can do NAT and PAT so you can expose any private IP/PORT combination you want to the public.

  14. #14
    Quote Originally Posted by mchristen85 View Post
    You can buy a rackmount for it for $50 IIRC.

    HTTPS/SSH/POP/IMAP/SVN/FTP plus some proprietary software....

    It really doesn't matter what services you run, the ASA can do NAT and PAT so you can expose any private IP/PORT combination you want to the public.
    What main differences do you find between 5505 and 1800 for example? Beside IPS, and Anti-Spam, etc.. usually paid services in UTM.

  15. #15
    Join Date
    Dec 2007
    Posts
    64
    Quote Originally Posted by andretenreiro View Post
    What main differences do you find between 5505 and 1800 for example? Beside IPS, and Anti-Spam, etc.. usually paid services in UTM.
    The 5505 is primarily a firewall and the 1800 is primarily a router. Their feature set overlaps quite a bit but there are differences.

    I would get a sales rep to help you out here, you might even be able to get a demo unit of one or both of the devices.

  16. #16
    Quote Originally Posted by mchristen85 View Post
    The 5505 is primarily a firewall and the 1800 is primarily a router. Their feature set overlaps quite a bit but there are differences.

    I would get a sales rep to help you out here, you might even be able to get a demo unit of one or both of the devices.
    I'll do that tomorrow and phone do Cisco! Thanks

  17. #17
    Quote Originally Posted by mchristen85 View Post
    The 5505 is primarily a firewall and the 1800 is primarily a router. Their feature set overlaps quite a bit but there are differences.

    I would get a sales rep to help you out here, you might even be able to get a demo unit of one or both of the devices.
    Can you tell me if the 5505 supports LDAP integration? so users can authenticate in the VPN with their centralised login, such as emails.

  18. #18
    Join Date
    Dec 2007
    Posts
    64
    Yes it does, my remote VPN users can authenticate with their Windows Server 2008 AD logins.

  19. #19
    Join Date
    Apr 2009
    Location
    USA / UK
    Posts
    4,577
    One company I highly suggest: Foundry

    very good stuff - I've still got Foundry routers from the late 90s handling gigabit backbone links just as well as they did when they were new.

  20. #20
    Join Date
    Nov 2003
    Location
    Toronto, Ontario
    Posts
    651
    When you say Dual WAN, what kind of line cards are you going to need? or are your connections going in via Ethernet, and if Ethernet are we talking E10, E100, E1000 ?

    Regardless what cisco product you roll with, you will be able to authenticate VPN user via radius to your windows domain using IAS.

    I would not use an ASA for this job, i would recommend a cisco 1841 depending on what linespeeds we are talking out to the internet in your application.
    Kevin

  21. #21
    Quote Originally Posted by HP-Kevin View Post
    When you say Dual WAN, what kind of line cards are you going to need? or are your connections going in via Ethernet, and if Ethernet are we talking E10, E100, E1000 ?

    Regardless what cisco product you roll with, you will be able to authenticate VPN user via radius to your windows domain using IAS.

    I would not use an ASA for this job, i would recommend a cisco 1841 depending on what linespeeds we are talking out to the internet in your application.
    Hi Kevin!

    Dual WAN means two ethernet RJ45 cables that are connected to the aDSL modems.

    I have an OpenLDAP (Zimbra) centralised login controller.

Similar Threads

  1. Replies: 4
    Last Post: 12-09-2008, 05:06 AM
  2. Replies: 16
    Last Post: 08-02-2005, 11:40 PM
  3. Choosing MS Access in corporate environment
    By pharoo in forum Running a Web Hosting Business
    Replies: 2
    Last Post: 10-09-2004, 11:05 AM
  4. Choosing a Router for 100Mb Fiber link
    By jmfrisch in forum Hosting Security and Technology
    Replies: 17
    Last Post: 05-31-2004, 08:09 PM
  5. Choosing a router
    By jonathanbull in forum Web Hosting Lounge
    Replies: 14
    Last Post: 05-21-2004, 01:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •