Steven Tolzmann
Beginner

Need Router Recommendations

Hello everyone,

The company I am working for is a small business, but we have about 4-5 sites that are all VPN'd to a central site. The attached image file is a crude depiction of our network topology.

The goal of our network is to be able to have every site to be able to talk to every other site (including RA VPN Clients), and we are able to achieve this currently through L2L Tunnels. However we are encountering DNS issues on clients where Windows will ignore the Primary DNS Server (the Windows Small Business Server at the core site), and continuously use the Secondary DNS Server. There are no connectivity problems to the DNS Server.

What we'd like to do is shift away from using the ASA5505s, which are fairly dedicated devices, and use Cisco Integrated Service Routers instead, which will be able to perform services such as DNS and other services without us having to deploy servers at each remote site. We want DNS Setup as follows:

Remote Site-

Primary DNS Server: 192.168.100.1 (IOS Router) >> Forward to the Core DNS Server >> Forward to OpenDNS

                                                                                >> Forward to OpenDNS

Right now we plan on keeping the ASA5505 Sec+ at the core, but we are open to the idea of switching to a Cisco ISR in the future due to the benefits of modularity which will be an issue in the future if we keep the ASA.

My boss (he's network savvy) told me to show him how I would set up the network from a clean slate.

I was thinking about Cisco 2800 series for the core router, but I am not sure what the best option for remote sites would be.

Anyways.. What Cisco ISRs would you guys recommend for our remote and core site(s)? Each remote site has between 1-10 users, however our company is growing at a fast pace, so we want to account for growth.

Thanks in advance for all of your help.

Accepted Solutions

IMHO, I think the 890 should be sufficient for your 50/10Mbps 10 users remote site.

Now you could always replace the core router first, then get one 890 and do some tests. (or even the 880 you have. just keep in mind the 890 has twice the routing capability as the 880)

7 REPLIES 7
sylvain.munaut
Beginner

I'd recommend the 2900 series for the core. The 2800 are End Of Life AFAIK.

For the remote sites, what kind of bandwidth do they run? When you say growth, is that 20 or more like 100? (OTOH the cost of a new router is gonna be neglectable compared to the price of 90 new employees ...)

If the access are like 50 Mbps or less, you could probably keep the 870 you have for now and use 880/890 (G2 series) at the other sites.

Thanks for the recommendation on the core! Will look into that.

All of our static sites use Comcast Business Internet, so up to 50Mbps down, 10Mbps up. The dynamic sites (the 870 routers) use a variety of Internet Services since we use those routers for mobile job sites. Right now we are just looking to possibly replace the ASAs at the Remote Sites with IOS Routers.

I think I might have overemphasized our growth a bit, we are incorporating additional sites into the network at a steady pace, but I'd say on a typical day the network as a whole has about 10 users max. I don't foresee our number of users doubling in the next year either. We might have about 2-4 Remote Access VPN users at a time as well.

We currently have an 881 Router on the shelf, but it was replaced by an ASA before I came into the project. It was configured with Ezvpn, and was deemed horribly unreliable. A L2L Tunnel between 881 & ASA should be reliable, no? I imagine a 1900 router would be overkill for <10 users?

Thanks!!

The 2800 series router is not yet End-of-Sale/End-of-Life.

Look at the link below and be aware that the values under "Fast/CEF Switching" Mbps is expressed in HALF duplex and un-encrypted traffic.

Portable Product Sheets – Routing Performance

This is the EOL announcement:

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/eol_c51-631228.html

They're not End of Sale yet, but they are announced as End of Life.

Thanks for pointing this link out Sylvain. 

Hmmmm ... I can't rate your post.  Where did it go??? 


Thanks for the advice. I think I'll test out the 881 on the shelf first and see how things go.. I think it must have just been configured improperly before, the 881 seems like a robust router.