Showing results for 
Search instead for 
Did you mean: 

Advice for WAN router specs

Hello everyone~

Currently we are using a Cisco SA-540 to handle a 150Mbps (fiber ONT with 1Gbps copper Ethernet) for multiple VPN connections (AES-128) in a small datacenter.  At peak hours, during a perfect storm, the SA-540 crashes and burns ... And often takes up to 10 minutes to come back online and re-establish the VPN.  Needless to say, it's not handling its task very well.  (Probably my fault for too high of expectations ...)

The option I have been considering is a Cisco 2901 with Enhanced High-Speed WIC (EHWIC-1GE-SFP-CU).  Will this configuration be able to function appropriately in this environment?  I need to assign 5 WAN IP addresses, enable NAT routing, and establish/maintain multiple secure tunnels with solid performance -- and most importantly, during the peak of the peak hours, I need to be able to handle up to ~150Mbps in either direction at one time.

Network security features, such as content filtering, etc. are not necessary.  Just need a solid firewall and NAT router that won't crash on me during peak production hours, and keep any possible script-kiddie WAN attacks from flooding the router's resources.

Any help or suggestions are greatly appreciated.  Thanks so much.

-- Laz Peterson


Also, what would be the advantage to investing in the VPN ISM?  Would the performance increase be worth the investment?  Without this module, does standard VPN support impact the router performance significantly in any way?

Thanks again.


Check attached.


Paolo --

Wonderful read!  Thank you so much for the information.  Seems that as far as throughput and encryption is concerned, this router should handle my needs no problem.

In regards to the WIC, will the aformentioned model (EHWIC-1GE-SFP-CU) be able to route and handle all of my tunnels, IPs, and WAN needs?  I connect straight into a 1Gb copper RJ-45 (65Mbit bidirectional, with 150Mbps burst download), same connection as a LAN NIC, for my internet access.

Thanks again Paolo.



You don't need any additioanl card. Router comes with three gigabit interfaces already.

Please remember to rate useful posts clicking on the stars below.