Firewall / Router Solution

Hey gang,

I have a small business that uses an ASP (application service provider) for their main day-to-day duties.  The office staff is about 12 employees, but they also have about 10 remote users (mostly using OWA or RDP).  They are currently using a T1 for internet with 8 channels being used for voice and the rest for data.  Since they’ve migrated to the new app, the internet and application performance has come to a crawl.  Based on the calculations from the ASP on the amount of  bandwidth need per user, they’ve decided to get a 2nd T1 dedicated for the ASP.  

So, the question is, aside from spending $3500 on a Cisco 2821, is there a more cost effective firewall solution that can route all traffic destined for the ASP's IP to T1b, and everything else to T1a?   Would using 2 cheaper firewalls work if made FirewallA the DG, and then put a static route on it that said anything destined for application.aspcompany.com route to internal interface on FirewallB?

Any ideas / recommendations appreciated.
LVL 5
DMJorgensenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
Personaly opinion, get two T1's and bond them together.  Makes everybody happer, except the accountants.

A single firewall should be able to handle this easily.  You could either have two "outside" interfaces, one for T1a and one for T1b.  Or a single interface with two sub interfaces.  Either way you still have a static route for the IP address of the application server that points to the router for T1b and leave a default route pointing to the router of T1a.

However, are you getting the $3500 Cisco to connect both T1's?  If so, the the static route would go into the 2821 and you just have the firewall forward everything to the 2821.  The 2821 would then route based on going to the application server (static route) or not going to application server (default route).
0
DMJorgensenAuthor Commented:
The 2821 will definitly do what I want, but I'm looking for something that's cheaper.  This is a small business that would prefer not to spend the $3500.  Are there chearper firewalls with 1 LAN and 2 WAN ports?
0
giltjrCommented:
You may want to look at the 1841.  I think it is about US$1,500.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cyclops3590Commented:
personally I'd go with an ASA 5510.  It can easily handle what you want and for about $2000.  And please correct me if I'm wrong, but for some reason I believe the SmartNET is about $500-$600.
Default license enables 3 interfaces (plus mgmt int).  So you can have your lan and app networks.
Supports vpn very well, and gives you plenty of upgrade options, IPS module, SSL VPN, etc.
At least that's the way I'd go.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.