04-02-2013 06:09 AM - edited 03-04-2019 07:28 PM
I am currently running a 2821 to terminate vpn links from all our branch offices over a WAN. I need to add a second interface in order to facilitate a move to a different WAN provider. seeing as the 2800 models are EOL I was looking for an upgrade. My local retailer wants to sell me the following:
CISCO3925E-SEC/K9 IS Router 3925E security bundle
SEC license pack
HWIC-2T 2 port serial WAN card
MEM-3900-1GU2GB Upgrade to 2GB 1
PWR-3900-AC/2 AC power supply secondary 1
now my question is why can't i use the 2900 models in order to save some money?
All I need is a router that will accept 2 different incoming WANs and the ability to create vpn tunnels over them.. So i defer to the experts to see if you guys can enlighten me a little and hopefully save me some money.
Thanks
P.S if you coudl include part # that woudl be great.
Solved! Go to Solution.
04-02-2013 11:02 AM
Router has three interfaces, after that you can use a switch. So as mentioned before already, you do not need anything else.
Thank you for the nice rating and good luck!
04-02-2013 06:37 AM
Instead of buying new hardware, why not by SmartNet on the 2800? It's a supported product until October 31, 2016. I use the End of SW Maintenance (October 31, 2014) as "must be out of my network by ..." since I usually have to follow strict security policies.
If you do want to purchase new hardware, I beleive that the 3925E is way overkill, especially since you're migrating from a 2821. Are you having performance problems with the 2821? Do you need a 2GB flash card? Most modules are "re-usable" from the 2800 to the 2900 series. Post a show inventory and we can check and see if they are.
04-02-2013 06:44 AM
thats what i was thinking. I need to replace it for sure but i also thought the 3925 was overkill. as all the router supports is 8 VPNs over 3MBps each..
Cisco 2821 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID ***************
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
04-02-2013 06:51 AM
Can you post a show inventory (not a show version) so we can check the cards?
04-02-2013 06:53 AM
Show inventory only gives me this:
NAME: "2821 chassis",
DESCR: "2821 chassis,
Hw Serial#: *************
Hw Revision: 52.57"
PID: CISCO2821 ,
VID: V04 ,
SN: **************
04-02-2013 06:44 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If all you need is a router for (just) a pair of T1s, and VPN, not only might a 2900 series router be a suitable replacement, so might a 1900. The 2821 is rated at 170 Kpps, but even the 1921 is rated at 290 Kpps.
04-02-2013 06:47 AM
It currently supports a MPLS WAN link. and there would be a second one added temporarily during a migration.
04-02-2013 08:27 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You're doing native MPLS with your provider? Or you have some kind of traditional WAN link that connects to a provider that is using MPLS?
04-02-2013 08:36 AM
A traditional WAN link that connects to a provider that is using MPLS
My cisco rep got back to me with the 2921 specs and tells me that it supports 75MBps and the 3925 supports 150Mbps?
CISCO2921-SEC/K9 IS Router 2921 bundle
SEC license pack / 75Mbps WAN ac
HWIC-2T 2 port serial WAN card
MEM-2900-512U2.5GB Upgrade to 2.5GB
FL-SSLVPN25-K9 SSLVPN license 25 users
So will this support what i need? how does the 25 Users SSLVPN license work? by individual ip's coming over the WAN vpn's? or does the count go by vpn tunnels?
04-02-2013 08:46 AM
You have not said which kind of tunnel you need to create, but unless is with AnyConnect clients, you do not need the SSL VPN license.
Likely not even the high speed security license.
For sure you don't need the memory upgrade. And if your connections is T1, you need a T1 interface, not a serial interface.
Attached a document about router performances for you to compare to what you've been told.
04-02-2013 08:54 AM
There's no anyconnect so you're right don't need the vpn license. its actually quite simple. there's cisco's at both ends of a fully meshed MPLS Network with a vpn tunnel across them.. and my current interfaces are copper ethernet
04-02-2013 09:40 AM
Then you should go with Joseph recommendation above, a simple 19xx will suffice, no serial cards and likely does not even need security license.
04-02-2013 09:52 AM
well the 2921 is acceptable as fas as costs go, so I will prob go with that one. so as long as my bundle has K9 that means it does encrytion right? (vpn)
whats the HWIC-2T 2 port serial WAN card? that seems wrong no? I need a copper ethernet interface. same as the one thats built into the 2921 for the secondary Temporary WAN.
Also why get SEC license pak / 75 Mbps WAN ac what does that do exacltly?
Man i hate shopping for cisco stuff..
I really appreciate all thsi guys. thanks again
04-02-2013 10:18 AM
Unless the router has to do encryption, it does not need the security license, and much less the high speed security license.
Then as mentioned before, if the temporary WAN is T1, you will need a single port T1 card, not a dual serial card.
May I suggest you get in touch with a reputable consultant to relieve you from dealing with this stuff.
04-02-2013 10:21 AM
Well it does need to do emcrytion for the VPN tunnels, and not T1's its an copper ethernet connection from the provider's hardware into my 2821 currently.
I will try and find someone i guess.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide