02-17-2013 08:42 AM - edited 03-04-2019 07:03 PM
Hello everyone!
We have a Vyatta software router and about 15 branches with Cisco 881W and Cisco 1941. All branches have 10mb\s bandwidth and 3 of them have 50mb\s. The link to the Vyatta has 100mb\s bandwidth and it is situated in a datacenter.
All branches connect to the Vyatta via site-to-site VPN with IPsec.
I want to replace the Vyatta with a Cisco router or ASA.
Can you please tell me what device I should go for?
02-17-2013 09:12 AM
You can go with ASA 5515 or 5525 X series: http://www.cisco.com/en/US/products/ps6120/prod_models_home.html#~tab-b
ASA supports HA (but doesn't support EIGRP).
You should also consider buying the IPS software module.
02-17-2013 12:43 PM
Greg
You certainly could use an ASA for these site to site tunnels. I sometimes like to do site to site ipsec tunnels with a router rather than an ASA. In your situation I would think that something like a 1921 might be a candidate to replace the vyatta.
HTH
Rick
02-17-2013 12:46 PM
Go for a router because manageability is easy in a router.
Regards,
02-17-2013 01:31 PM
Rick,
are you sure 1921 would do it (100Mbps IPsec traffic)?
I would rather choose 2951 for this job.
Jernej
02-17-2013 04:05 PM
Jernej
You ask an interesting question and it caused me to do some additional research and resulted in my finding some interesting information. So thanks to you.
According to a white paper from Cisco on performance of ISR G2 (link is below) the 1921 is marginal for this requirement. It claims about 75 Mb each direction for IPSec traffic. To be sure of the capacity for this requirement it would need something in the 2900 series. A 2951 would be nice and certainly has the capacity needed. It looks like a 2921 would probably do also.
HTH
Rick
02-17-2013 09:31 PM
Rick, I was referring to the same datasheet ;)
Greg, if you choose a router over an ASA, don't forget to purchase the security bundle (SEC) instead of a router with the base licence.
02-18-2013 10:09 PM
Hello everyone!
Thank you for your answers!
As I said, on a couple of branches we have 1941s, and one of them has a 20mb\s channel.
On this channel the average traffic is 10mb\s with an average CPU load of 20%, and the maximum is 14mb\s with 30% CPU.
I can divide the traffic into these categories:
1. Voice traffic from Cisco IP phones to Asterisk, which is behind the Vyatta
2. Video traffic. There are video cameras with a video registrator placed at almost every branch, and our security division sits behind another 1941 and looks at the video.
3. PCoIP traffic. Now we have about 10 zero clients, but in future the director wants to set up to 30 Cisco and Wyse zero clients going through the Vyatta to the VMware View server
4. Traffic to our servers in the DC behind the Vyatta: AD, accounting software, fileshare, WSUS, KMS and so on
5. Web traffic
We have 4 branches with such parameters; the other 11 have Cisco 881 with CPU load up to 10-15%, a 10mb\s channel and this traffic:
1. Video
2. One or two PCoIP clients
3. Four running accounting software
4. A couple of calls from IP phones.
Now on the Vyatta we have a firewall with opened forwarded ports to our 3-4 servers, and VPN connections from 15 branches with routing.