Linksys Firewall rv016

I have a configuration question, i have a client that has Linksys RV016 that they want to configure one wan1 port to upload and the wan2 port for download.  They have 2 different ISP's.  Is this available with this produst or do you have any recommendations of other products.
wcrickettsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
JFrederick29Connect With a Mentor Commented:
Have you tried putting the latest Firmware on the RV016?  It looks like you are right that it does both Failover and Load Balancing together and it isn't configurable (unless things have changed recently).  If failover only is acceptable, we are back to an ASA 5505.  If you want advanced QoS features, a router is required as Pugglewuggle suggested..
0
 
JFrederick29Commented:
I highly doubt it.  When you send traffic (upload) out WAN1, you are NAT'ing traffic behind an IP address from ISP1 so the return traffic (download) would come back through ISP1/WAN1.  You would only be able to do this with a product that could NAT traffic behind the WAN2 ISP but send it out WAN1.  You could do this with a Cisco router but there is no guarantee ISP1 won't filter the traffic sourced with an IP address from ISP2...
0
 
PugglewuggleCommented:
This is not possible on a Linksys device. If you want to configure something like this you need to use an enterpise device that supports Policy Based Routing, or PBR.
Even then this is generally not going to work due to ISP filtering of source addresses. I'm just letting you know so you don't waste a lot of time on it.
Your best bet is to limit certain bandwidth intensive protocols to one faster WAN line and put everything else on the other one.
This is how it's usually done and is most effective for providing good QOS.
Let me know if you need more info!
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
The Linksys RV units dual WAN ports are for fail-over or round-robin needs.

I have an RV082 at home with two ISPs for fail-over capabilities (i.e. cable modem goes out, DSL takes over).

0
 
PugglewuggleCommented:
Right - they are only for failover or for outgoing traffic round-robin routing. However, they do not support enterprise functionality like you need for this particular situation.
0
 
wcrickettsAuthor Commented:
Wow thanks for the quick replies, well here is the skinny. Initially wanted to have 3 TW telecom T1's be primary and Time Warner cable connection as failover.  When T1's are connected we get 4up/4down, when we connect cable to wan2 we get 10down and 2.5up.  I talked to Linksys and they said this is by design.  We are about to upgrade to a 10down/10up pipe and are worried if this router can handle this traffic.  Any recommendations would be appreciative.
0
 
JFrederick29Commented:
IMO, It should be able to handle it just fine.
0
 
PugglewuggleCommented:
You should be getting 4.5 up/4.5 down on the 3x bonded T1s.
You should be worried - home and cheap small business devices are not meant to be used with speeds this high - they simply choke on it.
You need a router with a higher throughput. I recommend the Cisco 2800 series routers - they are very good and very fast.
Here is the product page for the 2800 routers so you can check them out:
http://www.cisco.com/en/US/products/ps5854/ 
I recommend consulting with Cisco's presales engineers at 800-553-6387
I will warn you in advance though - Cisco stuff is the best out there but it can be very confusing for someone who hasn't used it before. If you do decide to upgrade to a Cisco router, I highly recommend you take get it configured before you drop it in place and decommision the old one.
Cheers!
0
 
PugglewuggleCommented:
One other thing - they are also quite expensive. I forgot to mention that but be prepared for about $1,200+ for a 2800 router. If that is out of your budget let me know and I'll make a recommendation - but that's really what you need.
Using Linksys stuff on a connection this fast that supports your business just isn't prudent - go with proven Cisco equipment. I wouldn't risk my business being completely offline until you can get a replacement Linksys box to save a few hundred dollars on a router.
It might be expensive, but you get what you pay for. I always remind people trying to get by on the cheap of the inverse - "if you get something cheap, you often pay for what you get in the long run with downtime and trouble."
Just offering my advice. :-)
0
 
wcrickettsAuthor Commented:
Well the cost is not such a factor as the configuration, I am definately not a CCNA, i was thinking about going with sonicwall tz190 or nsa 2400 just so that i would have a qui to work with.  Do you think that these could handle these speeds, or is there no other choice than Cisco.  I agree Cisco is the best but for a non CCNA i cant configure, troubleshoot, or maintain.
0
 
JFrederick29Commented:
Linksys claims that the RV016 does 200mbps of NAT throughput but obviously take that with a grain of salt.  I would expect the router to handle 10mbps as long as you aren't doing 10mbps of IPSEC.  My Linksys does fine with my 8mbps connection.

If you are going to look at Cisco, I would go with an ASA 5505 versus a router unless you need "non-ethernet" interfaces.  The 5505 has the throughput, Firewall/VPN features and a very nice GUI to manage it (ASDM).
0
 
JFrederick29Commented:
The ASA 5505 will cost about the same as the Sonicwall ($500-$600) dollars depending on the licensing you go with.
0
 
PugglewuggleCommented:
The ASA 5505 a great firewall that supports 150mbps of firewall throughput and 100mbps of IPsec throughput. I have deployed close to 20 of these and they are wonderful. I highly recommend it. Just make sure you are certain of what license you need for your situation or you could end up shelling out an extra $500 for a license upgrade down the road. Contact Cisco to inquire about this.
HOWEVER - ASAs and PIXes cannot have multiple concurrent ISPs. Multiple ISP connections on these devices are only for failover/backup in case the main internet line goes down. You MUST use an edge router if you plan on having multiple simultaneously active ISPs and doing LB. Not to mention the ASAs don't support internet routing protocols like BGP. They are meant to be a firewall/VPN concentrator - not a router (although the do route).
The good thing about Cisco stuff though is that you can always come on here if you have a question about configuring or troubleshooting and get a really fast answer - not to mention Cisco has 24 hour support (TAC) if you get a SmartNET Contract. For the ASA 5505 this is only $71 USD annually as of now.
0
 
PugglewuggleCommented:
Also, make sure you have enough user licenses - this limits the number of internal hosts the firewall can support. It's best to get an unlimited license so you don't run into this in the future when growing. The base license only supports 10 internal hosts ("Users" in Cisco's terms).
For a firewall I recommend ASA5505-SEC-BUN-K9 to you - it is a little under $1000 USD and has unlimited users and a Security Plus license already so you don't need to get it later.
But again, to do what you're talking about with multiple ISPs, you REALLY need a router.
0
 
JFrederick29Commented:
I personally would give the RV016 a shot at it first as it should handle the traffic load just fine and they already own it.  If it isn't performing to your/their expectations, you can then look at replacing it with a higher grade appliance.
0
 
PugglewuggleCommented:
I would agree - give your existing equipment a shot first.
BUT - the existing equipment does not perform the functions asked about in the question. A device that supports PBR is required to do this.
:-)
0
 
JFrederick29Commented:
But again, no guarantee that it would work using PBR as again, ISP1 may block traffic sourced with an address from ISP2...
0
 
wcrickettsAuthor Commented:
Well my clients would like to stay with the RV016 but i cant get it to just use failover, when i plug the cable into into wan2 i get higher download speed which is great but slower upload.  No matter what configurations I try it still wants to load balance.  That was the initial reason for the question, was a work around recommended by T1's ISP.  I would be happy if I could plug the T1's into Wan1 and Cable in Wan2 and for the RV016 just use the wan1 unitl it dies and failover to wan2.  But right now when i plug cable in Wan2 it kills my upload speed.  Thanks again for all the help.
0
 
PugglewuggleCommented:
That is correct. No guarantee with setup described in question.
However, if he used the configuration I described (which is what most organizations use in a scenario like this) he could send different kinds of traffic over different interfaces to distribute the load the way he wants.
"Your best bet is to limit certain bandwidth intensive protocols to one faster WAN line and put everything else on the other one." PBR will let you do this.
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
0
 
wcrickettsAuthor Commented:
Updating the firmware was the first thing i did, and i still cant get it to just use t1's until failover is needed.  Am i just missing something in the config site?
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
If you have the RV016 User Guide, look under Chapter 4 --> System Management --> Multi-WAN

0
 
PugglewuggleConnect With a Mentor Commented:
I think the way the RVs work is that if you have two WAN lines connected it just uses both. I don't believe there is a way to set a policy to only use one line for failover. (If this is what you want then an ASA is fine as it doesn't require concurrent ISP connections)
The RVs use "dumb" failover, basically meaning that one a WAN link goes down it is just taken out of the round-robin pool and all traffic is sent over the remaining interface.
If I'm not mistaken the RV series only does LB on a round-robin basis for outgoing traffic only. This means that it just randomly sends your traffic out a different WAN pipe regardless of traffic characteristics.
If this is what you want and it doesn't matter that traffic is prioritized based on address info, protocol, ports, or packet size, then you don't need a PBR box. However, if you want to use any of these features, you will.
0
 
wcrickettsAuthor Commented:
Thank you guys so much, you confirmed everything pefectly and Quickly.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.