12-11-2013 11:11 AM - edited 03-04-2019 09:50 PM
I plan on upgrading a network I am working on for a new internet connection. We are bumping from a 16 Mbps internet connection to a 50 Mbps connection. I also want to run the Cisco firewall module on it. I am currently running a Cisco 1841 with Adv Security IOS, which is more than enough for the 16 Mbps connection. I will soon have access to a 2801 running the same IOS and the firewall module. This will be used strictly for the firewall and NAT point for internet. From what I read, neither will be sufficient enough to handle the 50 Mbps internet speeds. My question is would an ASA 5505 be sufficient enough or would I be better off going with a 2811 or 2821. I need to keep the prices below $250 or so and I know I can pick up those options at that price.
Solved! Go to Solution.
12-12-2013 02:46 PM
A 5505 can handle that throughput.
A 2811 probably can't do sustained 50Mbps throughput with FW and NAT enabled. 2821 can do this throughput.
If all you need is a small office perimeter firewall, you should just get an ASA.
12-12-2013 02:46 PM
A 5505 can handle that throughput.
A 2811 probably can't do sustained 50Mbps throughput with FW and NAT enabled. 2821 can do this throughput.
If all you need is a small office perimeter firewall, you should just get an ASA.
12-14-2013 03:31 PM
Thanks for the help. I found a 2821 manufactured in 2010 for only $100, so I picked it up.
12-15-2013 04:37 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
On paper, even the 2821 is a bit "light" for 50 Mbps (duplex).
A 2821 is rated at 170 Kpps. Minimum size Ethernet requires 14.881 Kpps per 10 Mbps. So, in theory, your 50 Mbps (duplex) could require up to [edit] 148.81 Kpps, and that doesn't account for additional CPU load supporting configured services nor Cisco's generally recommendation you don't want to exceed about 75% of maximum CPU performance (edit - i.e. 75% of 170 Kpps would be 127.5 Kpps).
That said, it's unlikely your link will be running at full capacity all the time, and larger packets have a much lower PPS requirement.
So for $100, you can certainly try it and see how it works for you.
PS:
BTW, Cisco actually recommends the 2921 for up to 50 Mbps (WAN - duplex), but that router is rated at 479 Kpps.
12-15-2013 12:39 PM
Thanks for the reply. I realize now from your reply that I probably missed information I should have disclosed. It is a 50 Mbps down and a 3 Mbps uplink, so it is not actually 50 Mbps both ways. We have a 50 down/up speed at work, and we do have a 2921 for that. However, this is for a church I do IT for, and the uploads are at the mercy of the cable company connection. That's why I thought the 2821 would be ok for our connection. Does that change my question any? Sorry for skipping over that part, I wasnt thinking about it when I made the post!
12-15-2013 03:41 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
It is a 50 Mbps down and a 3 Mbps uplink, so it is not actually 50 Mbps both ways. . . . Does that change my question any?
Sure does! You've just eliminated 47 Mbps, or almost half the possible load. For that, the 2821 is a much better fit.
. . . and the uploads are at the mercy of the cable company connection.
Shape your egress for your uplink bandwidth, and use FQ.
e.g.
policy-map shape3Mbps
class class-default
shape average 3000000
service-policy sample
policy-map sample
class class-default
fair-queue
interface gige# !cable interface
service-policy output shape3Mbps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide