Re: Cisco 2621 opinions

[John Adams <jna-dated-1027022007.c14ec2 () retina net>]

On Sat, 13 Jul 2002, joe macdonald wrote:

> I have a network of about 175 computers that I'm
> looking to put behind a Cisco 2621 router and also
> deploy it as a firewall.  I'm new to the Cisco world,
> so I'm wondering how well these devices work as a
> router/firewall and how drastic the learning curve
> will be (I have deployed firewalls in the past using
> ipfw, iptables, ipchains on Unix systems). Also, my
> network isn't very big, but is the 2621 a suitable
> choice, or would a higher end model be necessary? 
> Would a PIX be able to do this job better? (it's not
> exactly a comlpex routing situation, but is the PIX
> strickly a firewall?)

The 2621 is good for a small network, but when you start to load the 2621 
with many ACLs and large firewall policies, you'll see serious performance 
issues in the network. 

Now, if your uplink is just a T1, the 2621 will do fine -- just keep your 
ACLs concise. You'll also want to load the IP Firewall version of IOS 
(which is reasonably good) instead of a standard IOS build. It's more 
flexible and has some limited stateful packet filtering. 

Personally, I'd build a linux box and put it in place with ipfw. It's 
faster and will probably be more flexible for your needs. OTOH, if you 
really want to use Cisco, consider the PIX firewall instead. 

--john

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards