Firewall Wizards mailing list archives

RE: ethernet-to-ethernet router: a piece of the puzzle


From: Todd Schroeder <todd () stipples com>
Date: Fri, 15 Dec 2000 07:43:32 -0600

While a 2600 could meet the needs specified, it will not route at 10mbps.
As I recall, a 2600 tops out around 3mbps (I'm going from memory here, so
grant me some slack).  I believe you need to get up to at least a 3640 for
10mbps routing.  If you're adding encryption at the router, you'd be wise to
beef up the CPU a bit.  Perhaps a 3662.

-Todd

| A Cisco 2600 would do the trick.  A 3600 would give you room to grow,
| interface wise; and a top end 3600 (3660) would give you plenty of cpu in
| case you needed it later.  Are the VPNs ptp?  E.g. if you have two PCs
| using a vpn client, then the router would have no extra overhead.  If the
| router is one end of a branch-branch or client-server tunnel, then you
| would need more cpu, depending on the bandwidth and encryption scheme.
|
| A Nortel CES would do the job really well, as a router, vpn engine, and
| even firewall.  I would think a CES 2600 would do it (3des, ipsec, 65Mbps
| throughput, 1000 tunnels.)  The windows client software for the CES
| rocks--lightweight, small footprint, easy to use, and conflicts with
| nothing.
|
| Linux on a PII 450 with 128MB ram and a 20GB hd would do it as well, using
| FreeSWAN and IPchains.  Harden the OS though (Bastille would do this for
| you.)  Great solution.  Inexpensive too.
|
| *BSD is a great OS, but I haven't used it in years, so I don't know what
| firewall/vpn/routing capabilities it has....  Rock solid, great
| networking, fantastic os.
|
| --
| --
| --Patrick Darden                Internetworking Manager
| --                              706.354.3312    darden () armc org
| --                              Athens Regional Medical Center
|
| On Wed, 13 Dec 2000, Irwin R. Naumann wrote:
|
| > What would you recommend as an ethernet-to-ethernet "router" situated between
| > a 10Mb fibre link WAN and an ethernet LAN?
| >
| > This would be the first piece of an in-depth security defense.
| >
| > Requirements:
| > o ingress/egress filtering for RFC1918 addresses, spoofed addresses, reserved
| >   network addresses, NETBIOS, other specific ports
| > o FTP traffic from web/ftp server (5-10 MB per download)
| > o routing minimum 2 Class C network equivalents
| > o VPN for 5-10 users
| > o DMZ
| >
| > There will be a Stateful Packet Filter firewall sitting between the "router"
| > and the LAN.
| >
| > Would you recommend a hardware only solution?
| >
| > What size CPU and memory would adequately handle a *BSD solution running ipfilter
| > with 2 or 3 NICs?
| >
| > I have begun to look at the Gnatbox, Netopia 9100R, Cayman Router,
| > Cisco 1600 Series, SonicWall Pro, Multicom Ethernet II, WebRamp 700.
| >
| > Experiences with any of the above appreciated.
| >
| > Does anyone in *North America* have experience with Lightning's Multicom
| > Ethernet II router?
| >
| > Thanks,
| >
| >    Irwin
| >
| > _______________________________________________
| > firewall-wizards mailing list
| > firewall-wizards () nfr com
| > http://www.nfr.com/mailman/listinfo/firewall-wizards
| >