Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1044
Views
0
Helpful
5
Replies

Choosing Internet/Firewall Router

Go to solution
Chris Johnson
Level 1
Level 1

‎12-11-2013 11:11 AM - edited ‎03-04-2019 09:50 PM

I plan on upgrading a network I am working on for a new internet connection. We are bumping from a 16 Mbps internet connection to a 50 Mbps connection. I also want to run the Cisco firewall module on it. I am currently running a Cisco 1841 with Adv Security IOS, which is more than enough for the 16 Mbps connection. I will soon have access to a 2801 running the same IOS and the firewall module. This will be used strictly for the firewall and NAT point for internet. From what I read, neither will be sufficient enough to handle the 50 Mbps internet speeds. My question is would an ASA 5505 be sufficient enough or would I be better off going with a 2811 or 2821. I need to keep the prices below $250 or so and I know I can pick up those options at that price.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
robert.falconer
Level 1
Level 1

‎12-12-2013 02:46 PM

A 5505 can handle that throughput.

A 2811 probably can't do sustained 50Mbps throughput with FW and NAT enabled. 2821 can do this throughput.

If all you need is a small office perimeter firewall, you should just get an ASA.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
robert.falconer
Level 1
Level 1

‎12-12-2013 02:46 PM

A 5505 can handle that throughput.

A 2811 probably can't do sustained 50Mbps throughput with FW and NAT enabled. 2821 can do this throughput.

If all you need is a small office perimeter firewall, you should just get an ASA.

0 Helpful

Go to solution
Chris Johnson
Level 1
Level 1
In response to robert.falconer

‎12-14-2013 03:31 PM

Thanks for the help. I found a 2821 manufactured in 2010 for only $100, so I picked it up.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Chris Johnson

‎12-15-2013 04:37 AM

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

 

On paper, even the 2821 is a bit "light" for 50 Mbps (duplex).

A 2821 is rated at 170 Kpps.  Minimum size Ethernet requires 14.881 Kpps per 10 Mbps.  So, in theory, your 50 Mbps (duplex) could require up to [edit] 148.81 Kpps, and that doesn't account for additional CPU load supporting configured services nor Cisco's generally recommendation you don't want to exceed about 75% of maximum CPU performance (edit - i.e. 75% of 170 Kpps would be 127.5 Kpps).

That said, it's unlikely your link will be running at full capacity all the time, and larger packets have a much lower PPS requirement.

So for $100, you can certainly try it and see how it works for you.

PS:

BTW, Cisco actually recommends the 2921 for up to 50 Mbps (WAN - duplex), but that router is rated at 479 Kpps.

0 Helpful

Go to solution
Chris Johnson
Level 1
Level 1
In response to Joseph W. Doherty

‎12-15-2013 12:39 PM

Thanks for the reply. I realize now from your reply that I probably missed information I should have disclosed. It is a 50 Mbps down and a 3 Mbps uplink, so it is not actually 50 Mbps both ways. We have a 50 down/up speed at work, and we do have a 2921 for that. However, this is for a church I do IT for, and the uploads are at the mercy of the cable company connection. That's why I thought the 2821 would be ok for our connection. Does that change my question any? Sorry for skipping over that part, I wasnt thinking about it when I made the post!

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Chris Johnson

‎12-15-2013 03:41 PM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

  

It is a 50 Mbps down and a 3 Mbps uplink, so it is not actually 50 Mbps both ways. . . . Does that change my question any?

Sure does!  You've just eliminated 47 Mbps, or almost half the possible load.  For that, the 2821 is a much better fit.

. . . and the uploads are at the mercy of the cable company connection.

Shape your egress for your uplink bandwidth, and use FQ.

e.g.

policy-map shape3Mbps

class class-default

shape average 3000000

service-policy sample

policy-map sample

class class-default

fair-queue

interface gige# !cable interface

service-policy output shape3Mbps

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card