Should I upgrade from a Cisco 2620 to a Cisco 2801

Posted on 2006-05-02
Last Modified: 2011-09-20
We have a T1 line with a Cisco 2620 router that came as part of a promotion from Sprint, our T1 provider, 4 or 5 years ago.  As we look to renew our T1 service with Sprint, they are offering an option that, for an extra $35 a month for two years, gives us a Cisco 2801 router.  We haven't upgraded the IOS on the 2620 since we received it.  I'm thinking that it may make sense to go with the new router in order to take advantage of any security enhancements.

I have very little experience configuring Cisco routers.  All I typically would do is use the filter to only open up IP addresses and ports to a new web server.  We also have a SonicWall Pro 230 in our configuration that is about 2 years old.

With the 2620 and the SonicWall, are we pretty secure, or should I upgrade to the 2801?  Security is my main concern.  I don't want to leave ourselves exposed unnecessarily.


Question by:Mike93110
    LVL 12

    Accepted Solution

    If you don't have experience configuring Cisco IOS and you do feel comfortable with SonicWall, focus your security efforts on using the SonicWall to your advantage.  Let the router be a router, and don't worry about the upgrade.  Anyone with a bigger pipe than your T1 can flood your link if they really want to; having a beefier router won't matter if the T1 is already filled up during that kind of attack.  (We have 2xDS3 and 4xFastE; when a customer of ours gets hit hard, even our pipes get filled up.  The only remedy is to get the attack stopped and/or blocked; putting Cisco's largest router on our end of a DS3 won't make the DS3 empty out.)
    LVL 13

    Assisted Solution

    As pjtemplin says, if it ain't broke, don't worry about it. We have one of our customers using a 2503 for an E1 connection and it is working just fine. Granted, it takes about 30 seconds when you do a "write mem", but other than that it is plugging along. It doesn't take much to route packets.

    Author Comment

    Is there anything I should do to quickly ensure that there aren't any obvious security holes in my existing router that should be plugged?  Is it worth having someone double-check my configurations, or with the SonicWall is the router pretty much a moot issue from a security standpoint?
    LVL 13

    Expert Comment

    If the router doesn't connect to your internal network at all, then the worst that can probably happen is someone might cause the router to lock up or reboot, which will effectively be a DoS against you. If they can't get onto your internal network behind the SonicWall, then they can't really do anything malicious.

    On the router, ensure that only things that are actually needed are enabled. Disable anything not required. Block telnet access from the Internet to the router (or restrict to a limited set of hosts). You can check the Cisco vulnerability website:
    and if you find anything applicable to the IOS version you are running (show version) then you can request the patched IOS version.
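
The checks suggested in the comment above (unneeded services, telnet open to the Internet) can be run against a saved copy of the router configuration. The script below is an added example, not part of the original thread; the sample configuration, the list of services and the function name `audit` are constructed for illustration, and it assumes a vty block with no `transport input` line accepts telnet, as on older IOS releases.

```python
import re

# Constructed sample of `show running-config` output; not from the thread.
SAMPLE_CONFIG = """\
version 12.1
service tcp-small-servers
no service finger
ip http server
!
access-list 10 permit 192.0.2.10
!
line con 0
line vty 0 4
 password example
 login
 transport input telnet
line vty 5 15
 access-class 10 in
 login
 transport input ssh
!
end
"""

# Assumed list of services an Internet-facing router rarely needs. Services that
# are on by default do not appear in the running-config and are not detected.
UNNEEDED = {"service tcp-small-servers", "service udp-small-servers",
            "service finger", "ip finger", "ip http server"}

def audit(config):
    """Return findings for a Cisco IOS running-config given as a string."""
    findings, vty, current = [], {}, None
    for line in config.splitlines():
        if line.strip() in UNNEEDED:  # negated "no ..." forms never match
            findings.append(f"unneeded service enabled: {line.strip()}")
        if not line.startswith(" "):  # top-level command starts a new block
            current = line.strip() if line.startswith("line vty") else None
            if current:
                vty[current] = []
        elif current:  # indented sub-command of the current vty block
            vty[current].append(line.strip())
    for name, cmds in vty.items():
        restricted = any(re.match(r"access-class \S+ in\b", c) for c in cmds)
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # Assumption: with no "transport input" line, telnet is accepted.
        telnet = not transports or any(t in ("telnet", "all") for t in transports[-1])
        if telnet and not restricted:
            findings.append(f"{name}: telnet reachable from any source address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
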
