[c-nsp] 2801 - can it handle this?

Fred Reimer freimer at ctiusa.com
Mon May 5 17:56:23 EDT 2008 

What version of code was the router running.  There was a major rewrite of
the IPS code in 12.3(11)T.  If you were running anything prior to that
performance was lacking.

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Michael Malitsky
> Sent: Monday, May 05, 2008 1:29 PM
> To: danletkeman at gmail.com
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 2801 - can it handle this?
> 
> > Date: Sun, 4 May 2008 00:36:01 -0500
> > From: "Dan Letkeman" <danletkeman at gmail.com>
> > Subject: [c-nsp] 2801 - can it handle this?
> > To: cisco-nsp at puck.nether.net
> > Message-ID:
> > 	<dcbb85870805032236w46b1b210k492dec5603593107 at mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> > Hello,
> >
> > I have a 2801 router with the firewall IOS.   I have a 10mbit
> > connection to the internet.  There will be anywhere from 100-300
> users
> > using this router for browsing the internet at one time.
> >
> > I will be running ips and some security acl's.  No voip, maybe one or
> > two video connections.
> >
> > Will this router be able to handle this amount of connections?
> >
> > Thanks,
> > Dan.
> >
> 
> 
> The specs from Cisco say no problem, but I've run into a number of
> issues trying to use ISRs (2800 and 1800 series) for multiple purposes
> simultaneously (router, firewall, etc).  The closest case I had to your
> scenario was trying to use 2 2811s as a failover/redundant firewall
> with
> NAT and IPS.  We hardly had traffic reaching 10Mb, but the setup kept
> crashing - the reason was never fully tracked down, TAC was taking too
> long.  Replaced with a pair of ASAs, not a single hiccup since.
> Similar experiences elsewhere - I don't see these platforms as viable
> for firewall/IPS purposes unless the traffic levels are very low.  I
> don't know if this is due to bugs or performance limitations.
> For similar money, the PIX or ASA appliances are far more stable and
> can
> handle much higher loads.
> 
> Michael
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3080 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080505/3707c858/attachment.bin

More information about the cisco-nsp mailing list