[c-nsp] Using Cisco 3825 as Firewall Replacement

Jeffrey Ollie jeff at ocjtech.us
Wed Apr 15 10:35:01 EDT 2009


On Wed, Apr 15, 2009 at 9:24 AM, Darin Herteen <synack at live.com> wrote:
>
> I have a customer who's firewall recently bricked and is unusable. This
> device had previously served as a VPN to their LAN from the outside
> world, restricted access between internal VLAN's, and provided NAT for
> internal addresses to reach the internet. They happened to have a Cisco
> 3825 laying around and I've been attempting to get this router
> configured to duplicate the functionality of the now deceased firewall.
> [...]
> Does anybody have any recommendations or advice to offer regarding this setup and whether or not it can be accomplished.

The 3825 is a fairly nice router, but it can't handle a lot of
throughput.  I don't recall the exact specs (and can't find on a quick
search), but I think that it can only handle <100Mb/s.  That seems
kinda low but I think it wasn't really designed as a packet pusher,
but instead is designed as a platform for services like VoIP etc.
It'll can probably be configured to do what you want, but I'm sure
you'll be disappointed with the performance, especially for LAN->LAN
traffic.

-- 
Jeff Ollie


More information about the cisco-nsp mailing list