Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Router Upgrade recommendation

Posted on 2011-10-28
13
Medium Priority
?
356 Views
Last Modified: 2012-06-21
just thought i'd get some opinions on hardware recommendation.  We currently have a cisco 2821 with a 4 port HWIC add in, basically it acts as internet gateway, and vpn end point for tunnels and vpn clients.  I was wondering what we should replace it with.  We want to move to the any connect vpn as well.  So what are everyones thoughts?
0
Comment
Question by:jasonmichel
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 37045412
In that case (and if you want to stick with Cisco), how about an ASA 5500 series or an SA500.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37045868
can you get an 4 port HWIC for the asa or SA?
0
 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 500 total points
ID: 37045913
Personally, I'd stay away from the SA500 series ... very limited in certain areas (e.g. whitelist for web filter) and not a "real" Cisco product (I suspect Linksys technology).
ASA is a very solid and reliable product, though if you are using all 6 ethernet ports available on your current router, you'd either have to make do with the 5505 (smallest model), or get a plugin card to extend the ports (unless you have a decent switch with VLANs and terminate the segments via a trunk port). In the latter case, you could not add a content or IDS module anymore.
Another option might be a Fortinet product, a Fortigate. In contrast to the ASA, it comes with almost every feature included in the base license (SSL VPN, IDS/IPS, DLP, Content Scanner, Spam Filter, etc.) without any additional cost. Compared to ASA pricing, similar FW throughput models are quite a bit cheaper, with more features ...
If you're used to Cisco configurations, please make sure you calculate in some learning time though ... (not that the ASA is that easy to configure without experience)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37045924
(for ASA, the 4-port ethernet card is "4GE SSM") Check this for more details: Cisco Docs
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37046562
yeah we are currently only using the g0/g1  and then 2 of the 4 port HWIC, can the management port on the ASA be used as the LAN interface?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37046594
Yes, the management interface can be used like any other interface.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37046619
looking at the 5550 and the 5540 it looks like the 50 has more throughput and horsepower but doesn't have any add on capability, would that make the 40 a better solution even though it don't have as much base?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37046648
That depends, do you need the horsepower (how big is your network) or do you need the add-ons?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37046681
we have about 350 local users and another 100 or so at the remote offices that occasionally traverse ipsec tunnels for data.  probably 50-75 VPN users, we have a 10gbe network now with cisco 2960 and dual 4900's in a HRSP config
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37046683
oh currently using iprism for web filter, so the 2821 is using wccp to hand off to iprism
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 500 total points
ID: 37048731
ASA 5520 would be more than adequate for you, or if you have the budget, a pair of them in active/standby HA mode. Add SSL licenses and/or anyconnect essentials and anyconnect mobile licenses.
Love the iPrism!
0
 
LVL 2

Assisted Solution

by:lucasrg
lucasrg earned 500 total points
ID: 37051830
hy in this case the best solution will be an ASA 5510 since you can add more ports if you need the and you can do al the vpn funcionalities you are asking for plus NAT and filtering on the ver 8.4 you can have also vpn connections for different movile devices like iPhones, iPads, android and more whit the any connect feature.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37057996
thanks for all the help guys, really helped!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question