Need a good internal network router

ikalmar,

  I was looking at the Cisco 1811 because of its QoS Bandwidth Shaping / Policing capabilities. As I understand it, the ASA devices are great for getting into a network but are not designed for QoS settings going out to the internet.  Is this not correct?

ASAs are much more limited in their QoS abilities than routers.

A Layer 3 switch has a lot of QoS capabilities, and seems to make more sense for you so far.

yes it is correct, but if you implement qos, the 1811 is not enough, I have 30/30 Meg internet at home, I  used it but if I switched on the firewall features the processor went to 100%, so I upgraded ASA 5505, it is much more better, and it has basic qos features....

What makes a 5505 better for him? This sounds like it will be a core device, something to route between VLANs.

Would I be better off with an ASA on the outer edge of my network and a Layer 3 switch internally as a core switch?  

Does the ASA have the ability to limit bandwidth (so that a slow internet connection can be better shared)?

sorry if you want an internal router better way if you use L3 switch, it gives you more performance

Can I effectively limit internet bandwidth (while keeping internal bandwidth unlimited) by using an ASA 5505 on the edge of the network with a Layer 3 switch in the core?

An ASA in trasparent mode would be ideal at your edge, but since you already have a router, you can use the IOS Firewall, which should be fine depending on your bandwidth requirements.

The ASA can do some QoS, IIRC it can do some policing and shaping, but a router will always be better for QoS than a firewall. Firewalls are not designed to support much QoS.

My vote is still for the L3 switch instead of a router or firewall.

We do not currently have a router... the  Cisco 1811 or a SonicWall NAS were items I was considering for the edge router, but if an ASA 5505 is a better solution, I'd rather go with it.

You can effectively limit bandwidth using the 1811 (as long as you're not pushing too much traffic through it) at the edge. The L3 switch in the core will be your internal router/switch, a 3560 will do 32Gbps of throughput, which is a ton for a small to medium network.

Ok, if you don't have the 1811 yet, you may want to consider the 5505. How much bandwidth will your circuit be? The ASA will do more throughput. It may be able to meet your QoS needs, if all you want to do is shape or police all traffic. It won't have the granularity a router will have with each individual protocol.

So, to clarify, I'm hearing:

Edge Hardware: Cisco ASA 5505
  |
  |
Core Harware: Cisco Catalyst 3560-8PC
  |
  |
Internal Switches: WS-C2948G

This setup would allow me to:
1) Have secure connections from external sources, and
2) Shape bandwidth to the internet while maintaining fast communication in the core

Correct?

Thanks.

Yes, 5505 at the edge and 3560 int he core would be ok. You can run QoS on the 5505 to police/shape or run it on the 3560 if you need to. With the 3560 you should have a fast core.

If you mean VPNs by "secure connections" then yes. You will also have security at the edge due to the nature of the 5505.

Thank you.