Solved

Cisco Routers

Posted on 2016-07-20
Last Modified: 2016-08-15
I have a client that is using a Cisco RV325. Here is a brief overview of their company:

1 main site housing servers with applications
5 remote sites total. 2 sites are using direct VPN connections to main site. 3 sites are connected using direct fiber through ISP.
Traffic between ISP fiber sites is routed using VLANs
There are about 300 total users combined in all offices and every person has a PC that connects to the main site for the main applications.
There are about 50 users that connect using laptops from outside the office.
Email is hosted.

So I am pretty sure this office has too much going on for an RV325. We put in a new one 3 months ago and it has since failed. This week I put in another new one and I do not think it will last very long. I need to find something that can handle this amount of traffic with everything going on and not fail.

It would also be helpful if the new model can be configured using a GUI. No one on staff is very familiar with CLI for Cisco.

So features wanted:
GUI interface for config
VPN site to site for up to 5 sites
Mobile VPN for 50 laptop users
Capable of using VLANs

At the main site, we have 5 Cisco switches. It would also be helpful if the new device has at least a 5-8 port switch on it, so all central switches can be connected directly to it instead of through a daisy chain. The RV325 has a 14 port switch.

Can anyone give me a recommendation that will not completely break the bank? Even though this company has a lot going on, they are still considered a small business and do not have a large IT budget for this. I would guess less than $1500 total.

Thank you for taking the time to read this and in advance if you respond. Any info would be greatly appreciated!
Question by:Luuker
17 Comments
 
LVL 11

Expert Comment

by:Bryant Schaper
ID: 41722045
Ouch, for $1500 or less, maybe a SonicWall, but they really need to consider more money for a Cisco 2900 series. That is a lot going on for a small router like that, or any off the shelf for that matter.

Some may suggest DrayTek, but I am not familiar.
0
 

Author Comment

by:Luuker
ID: 41722048
They had a SonicWall but the Global VPN client software was blue-screening laptops so we had to move away from that.

I am open to other brands besides Cisco, I just figured they were the best.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41722049
I have an RV325 in my home office. 300 users? Way too much for an entry-level commercial router.

I suggest you consider a good Cisco router. It is capital so can be written off over 3 years and as such, no more expensive than an RV325 which is expense (not enough money to capitalize).
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41722051
If you want good, robust VPN client software, get NCP Secure Entry (www.ncp-e.com). Bombproof. We use it for all clients - For Profit and Not-for-Profit.
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 41722159
If SonicWall is a no-go, I would suggest you get a Cisco ASA 5506. I prefer CLI to configure but you can use the ASDM GUI. Regarding the switches, I would suggest you set them up in a collapsed core: connect 4 switches to 1, then connect that one to the ASA. You may also want to check out WatchGuard XTM.
0
 
LVL 13

Expert Comment

by:SIM50
ID: 41723051
You need to measure the bandwidth first before buying a replacement.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41723058
The RV325 has 900 Mbits/sec internal throughput (which is why I like it).
0
 
LVL 11

Expert Comment

by:Bryant Schaper
ID: 41723115
Between inter-VLAN traffic and VPN tunnels and clients, I would be much more concerned with the processors. A Cisco 2921 would quickly be bogged down with that; I have seen that happen on my network. We had to move the inter-VLAN traffic to the layer 3 switches, which can process that better than the router.

Routers are really meant for WAN connectivity, which is why they support all the fun modules like ATM, SONET, DOCSIS, serial, DSL, etc. You won't find them on most layer 3 switches since they are internal and predominantly Ethernet connections.

What is your internet bandwidth and switch model?
0

 

Author Comment

by:Luuker
ID: 41723149
Internet is 100mb fiber. Switches are combination of Cisco SG300 and Cisco SG200.
0
 
LVL 11

Expert Comment

by:Bryant Schaper
ID: 41723231
Are the direct VPN connections MPLS or just a VPN tunnel over the internet?

Are you using SSL VPN?
0
 

Author Comment

by:Luuker
ID: 41723235
Our direct connections from office to office are similar to MPLS except everything goes through 1 single box over the fiber. The others are just direct site-to-site VPNs.
0
 
LVL 11

Accepted Solution

by:
Bryant Schaper earned 500 total points
ID: 41723240
OK, so maybe a managed router from the provider to MPLS.

Instead of a new router, maybe consider a layer 3 switch instead?
0
 

Author Comment

by:Luuker
ID: 41723242
With the SonicWall we were using SSL VPN but when we removed it we are using straight terminal services now. It would be nice to go back to an SSL VPN but not a deal breaker either way.
0
 
LVL 11

Expert Comment

by:Bryant Schaper
ID: 41723396
SSL has a 20mbps limit on the RV325, creating a bottleneck I would imagine.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41723397
I don't have that kind of bottleneck on my RV325 (that is why I got it). I still think it is small for 300 users.
0
 

Author Comment

by:Luuker
ID: 41730175
What about setting up an i5/8gb workstation and running pfSense? It seems to have all the features I am looking for and since it will be a full-blown current PC, processing power shouldn't be an issue anymore.

Anyone use one of these in production?
0
 
LVL 11

Expert Comment

by:Bryant Schaper
ID: 41730220
All processors are not the same; routers and switches use dedicated ASICs to route the traffic faster. Depending on traffic that may not work. Can't say if it will or will not work, just that an i5 is not the same as a router or switch processor. In them they are purpose built and general.
0
