We are a business with 5 small locations (5-15 users per location), and are in the process of replacing our site-to-site VPN solution at all locations with an MPLS + internet solution from a new provider. My question is regarding which routers to purchase. I have experience with Cisco equipment (albeit a number of years ago), so that's the direction I'm currently leaning. However, I am open to other options as well.
We will initially have a single T1 delivered to each location, each T1 carrying interoffice MPLS data and public internet on the same circuit. As I understand it, the internet and private network streams will be encapsulated separately via frame relay encapsulation using different DLCIs to keep them isolated from each other. Our service provider has recommended that we have our edge router dedicated to routing alone, and have it route interoffice (MPLS) traffic onto one inside Ethernet interface and internet traffic onto another inside Ethernet interface; then connect a firewall (e.g. ASA 5505) to the inside internet interface. To me, it makes more sense to consolidate firewalling and routing on the same platform using IOS firewalling and have a single-box solution at each location (delivering everything to a single inside Ethernet interface), but I am again open to suggestions.
The HQ site will begin with a single T1 just like the 4 remote sites, but I eventually see additional bandwidth into the MPLS cloud being necessary at HQ (and possibly at the remote sites as well). So, I need some expansion room everywhere, but probably more at the HQ site.
If firewalling and routing is consolidated on the same device at each location, I want to make sure the solution I choose is fast/robust enough to handle routing, firewalling, QoS, etc. (with only a T1 or two at each site, it seems this is easy enough with most any solution??).
My current line of thinking is to choose one of the following options (listed in order of increasing cost). Common to each of these options would be a) a single Cisco T1 HWIC card for each router, and b) the advanced security IOS image for that particular model (for firewalling):
4 x Cisco 1841 (remote sites, 2 HWIC slots) + 1 x Cisco 2901 (HQ Site, 4 EHWIC slots)
4 x Cisco 1941 (remote sites, 2 EHWIC slots) + 1 x Cisco 2901 (HQ Site, 4 EHWIC slots)
5 x Cisco 2901 (all sites, 4 EHWIC slots)
I like the idea of the 2901 at the HQ site since it has four slots (and it's a new Gen2 ISR). Is it also a good idea to use Gen2 ISRs everywhere for more future-proofing, or completely unnecessary? For what it's worth, the 1941 seems to be brand-spankin' new and is not currently in stock through my normal channels.
Lastly, I also would like to consider eventually purchasing broadband at each location (cable, DSL, etc. depending on site) and have a failover site-to-site VPN solution in place in case the primary T1 fails. Each of the aforementioned routers has a second Ethernet interface, so I assume I can use it to connect to a cable modem, etc.
As I mentioned previously, I am accustomed to Cisco; however, I am willing to consider other options if someone has a recommendation.
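To make the single-box option concrete, here is an added IOS configuration sketch (not from the poster or the provider) for one remote site: the two provider DLCIs become two frame-relay subinterfaces on the one T1, each in its own zone-based-firewall zone, with the LAN on a single inside Ethernet interface. The router model and slot, the DLCI numbers, the IP addressing and the zone names are all assumed; the provider's real DLCIs and addresses would replace them.

```ios
! Assumed: ISR G2 with a T1 HWIC in slot 0/0, provider DLCIs 100 (MPLS) and
! 200 (internet), and the RFC 1918/5737 addresses below; all hypothetical.
controller T1 0/0/0
 channel-group 0 timeslots 1-24
interface Serial0/0/0:0
 no ip address
 encapsulation frame-relay IETF
! Private interoffice PVC: its own DLCI and its own security zone
interface Serial0/0/0:0.100 point-to-point
 ip address 10.255.1.2 255.255.255.252
 frame-relay interface-dlci 100
 zone-member security MPLS
! Public internet PVC: a separate DLCI and zone on the same T1
interface Serial0/0/0:0.200 point-to-point
 ip address 198.51.100.2 255.255.255.252
 frame-relay interface-dlci 200
 ip nat outside
 zone-member security OUTSIDE
! Single inside Ethernet interface for the site LAN
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 zone-member security INSIDE
! Zone-based firewall: LAN may initiate to both clouds, other offices may
! initiate to the LAN over MPLS; no zone-pair exists for OUTSIDE->INSIDE or
! MPLS<->OUTSIDE, so that traffic is dropped by default.
zone security INSIDE
zone security MPLS
zone security OUTSIDE
class-map type inspect match-any CM-IP
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect PM-INSPECT
 class type inspect CM-IP
  inspect
 class class-default
  drop
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSPECT
zone-pair security IN-MPLS source INSIDE destination MPLS
 service-policy type inspect PM-INSPECT
zone-pair security MPLS-IN source MPLS destination INSIDE
 service-policy type inspect PM-INSPECT
! Overload NAT only on the internet PVC; interoffice prefixes route over
! the MPLS PVC unchanged, everything else takes the internet PVC.
ip access-list standard NAT-LAN
 permit 10.1.1.0 0.0.0.255
ip nat inside source list NAT-LAN interface Serial0/0/0:0.200 overload
ip route 10.0.0.0 255.0.0.0 Serial0/0/0:0.100
ip route 0.0.0.0 0.0.0.0 Serial0/0/0:0.200
```

The same split works if the provider's two-interface design is kept instead: move the zone membership for MPLS and internet traffic to the two inside Ethernet interfaces and leave the subinterfaces as plain routed links.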