[c-nsp] 2801 - can it handle this?
Michael Malitsky
malitsky at netabn.com
Mon May 5 22:46:34 EDT 2008
The specific example I referenced was 12.4. I no longer have the
records available to show the exact train/revision.
Most recently I had problems on an 1800 with 12.4.18a (also tried
12.4.3, 12.4.19. 12.4.18a was TAC's recommendation).
Michael
> -----Original Message-----
> From: Fred Reimer [mailto:freimer at ctiusa.com]
> Sent: Monday, May 05, 2008 4:56 PM
> To: Michael Malitsky; danletkeman at gmail.com
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] 2801 - can it handle this?
>
> What version of code was the router running. There was a
> major rewrite of
> the IPS code in 12.3(11)T. If you were running anything prior to that
> performance was lacking.
>
> Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
> Senior Network Engineer
> Coleman Technologies, Inc.
> 954-298-1697
>
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Michael Malitsky
> > Sent: Monday, May 05, 2008 1:29 PM
> > To: danletkeman at gmail.com
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] 2801 - can it handle this?
> >
> > > Date: Sun, 4 May 2008 00:36:01 -0500
> > > From: "Dan Letkeman" <danletkeman at gmail.com>
> > > Subject: [c-nsp] 2801 - can it handle this?
> > > To: cisco-nsp at puck.nether.net
> > > Message-ID:
> > > <dcbb85870805032236w46b1b210k492dec5603593107 at mail.gmail.com>
> > > Content-Type: text/plain; charset=ISO-8859-1
> > >
> > > Hello,
> > >
> > > I have a 2801 router with the firewall IOS. I have a 10mbit
> > > connection to the internet. There will be anywhere from 100-300
> > users
> > > using this router for browsing the internet at one time.
> > >
> > > I will be running ips and some security acl's. No voip,
> maybe one or
> > > two video connections.
> > >
> > > Will this router be able to handle this amount of connections?
> > >
> > > Thanks,
> > > Dan.
> > >
> >
> >
> > The specs from Cisco say no problem, but I've run into a number of
> > issues trying to use ISRs (2800 and 1800 series) for
> multiple purposes
> > simultaneously (router, firewall, etc). The closest case I
> had to your
> > scenario was trying to use 2 2811s as a failover/redundant firewall
> > with
> > NAT and IPS. We hardly had traffic reaching 10Mb, but the
> setup kept
> > crashing - the reason was never fully tracked down, TAC was
> taking too
> > long. Replaced with a pair of ASAs, not a single hiccup since.
> > Similar experiences elsewhere - I don't see these platforms
> as viable
> > for firewall/IPS purposes unless the traffic levels are very low. I
> > don't know if this is due to bugs or performance limitations.
> > For similar money, the PIX or ASA appliances are far more stable and
> > can
> > handle much higher loads.
> >
> > Michael
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list