?
Solved

Cisco 861W vs Cisco 5505 - Security and Perfomance

Posted on 2009-02-16
6
Medium Priority
?
1,297 Views
Last Modified: 2012-05-06
I need advice on how to setup home/office network and help choosing a good and appropriate cisco firewall.  This is home office and we have a non static IP address for our cable service.  Our mission critical servers are colo'ed at a good facility in Dallas.

Here is our current home office setup:
1) Televantage Phone server - Dell PowerEdge SC 430, Win XP 32 bit
2) Dev & customer service, endpoint 11 server - win 2003 32 bit (horrible cpu usage from endpoint, will move to SBS server as soon as possible)
3) 3 - Dell T3400 station w/ gigabit cards - win XP 32 bit
4) 1 Laptops Dell latitudes with wireless 802g
5) Other - PS3 and Xbox 360 - wireless 802a or b?

New not set up yet:
6) Exchange, VSS, Endpoint, File server - SBS 2003 - Dell PowerEdge 840
7) PowerConnect 2708 Web-managed Switch, 8 Port GE


Here is what I would like to achieve:
1.  Gigabit connection through switch from each client to SBS 2003 on wired.  
2.  Wireless access
3.  Good firewall to protect LAN.


Please look at the diagrams for proposed network schemas:
Diagram 1 - Cisco 861W
Diagram 2 - Cisco 5505


Questions:
1.  Are these schemas accurate and will they work as proposed?  If not please suggest.  
For example:
5505 is a dedicated firewall where as 861W is a router correct?  
Can I get gigabit connection from servers to clients through switch even though 5505 and 861W only achieve 10/100?  Not sure if I need a Gigabit router in configuration to achieve this.

2.  Are these Cisco Firewalls good and will they offer what I need to protect the network.  I have read Cisco IOS with SPI is the way to go.  Which firewall is better?

3.  Can both of these cisco devices handle VOIP.  Currently we use analog phones but would like to switch to VOIP in the near future.

Any help is appreciated!
861W.gif
5505.gif
0
Comment
Question by:DMAC421
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:ricks_v
ID: 23656712
I would defintely suggest either cisco pix or cisco asa.
ASA will have much more features that might not be used in this environment.(e.g:  clientless/web client access)

On the other hand, Cisco Pix still has all the features like advance ACL / firewall, NAT, Lan2lan vpn, remote access vpn, Dhcp server option.

cisco 861 would be a hassle when configured as a firewall and obviously not recommended as it only cover basic acl/ firewall configuration.

Fastethernet is all you need as some clients are on wireless and gigabit only required on your LAN access only from client, in this case, your powerconnect 2708.
0
 

Author Comment

by:DMAC421
ID: 23665651
Thanks for the reply.

Ok so it sounds like the ASA 5505 is the way to go.  Quick question though isnt the ASA 5505 more of a dedicated firewall device so do I need a router between the 5505 and switch as shown in Diagram 2?  I would go PIX but due to budget constraints I need to purchase with AMEX points and there doesnt seem to be any new PIX on shopAmex.

Please let me know and thanks for your help!
0
 
LVL 6

Expert Comment

by:ricks_v
ID: 23665925
yes, it's a dedicated firewall device that works with many many extras (Remote access,L2L, dhcp server, etc)

A router can be placed behind ASA, only if you do multiple vlan , and advance routing(e.g bgp,eigrp, etc).

In this case, ASA is more than enough to handle the basic routing, where asa will be the default gateway for all the machines obviously.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:DMAC421
ID: 23666659
Thanks Rick

So the ASA will be the default gateway.  In the above diagram which do I need 10 or 50 user license?
0
 
LVL 6

Accepted Solution

by:
ricks_v earned 500 total points
ID: 23667267
I guess you mean vpn peers license, you will only need 10 (standard mostly).
note: can always change this in the future anyway if the sites get much larger.
0
 

Author Comment

by:DMAC421
ID: 23673272
thank you
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question