[c-nsp] 2801 - can it handle this?
Michael Malitsky
malitsky at netabn.com
Mon May 5 13:28:49 EDT 2008
> Date: Sun, 4 May 2008 00:36:01 -0500
> From: "Dan Letkeman" <danletkeman at gmail.com>
> Subject: [c-nsp] 2801 - can it handle this?
> To: cisco-nsp at puck.nether.net
> Message-ID:
> <dcbb85870805032236w46b1b210k492dec5603593107 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello,
>
> I have a 2801 router with the firewall IOS. I have a 10mbit
> connection to the internet. There will be anywhere from 100-300 users
> using this router for browsing the internet at one time.
>
> I will be running ips and some security acl's. No voip, maybe one or
> two video connections.
>
> Will this router be able to handle this amount of connections?
>
> Thanks,
> Dan.
>
The specs from Cisco say no problem, but I've run into a number of
issues trying to use ISRs (2800 and 1800 series) for multiple purposes
simultaneously (router, firewall, etc). The closest case I had to your
scenario was trying to use 2 2811s as a failover/redundant firewall with
NAT and IPS. We hardly had traffic reaching 10Mb, but the setup kept
crashing - the reason was never fully tracked down, TAC was taking too
long. Replaced with a pair of ASAs, not a single hiccup since.
Similar experiences elsewhere - I don't see these platforms as viable
for firewall/IPS purposes unless the traffic levels are very low. I
don't know if this is due to bugs or performance limitations.
For similar money, the PIX or ASA appliances are far more stable and can
handle much higher loads.
Michael
More information about the cisco-nsp
mailing list