K
K
krylovlf2013-11-14 11:13:14
Cisco
krylovlf, 2013-11-14 11:13:14

Choosing a Cisco Gateway

Good afternoon, An office with LAN and a building where it is planned to distribute guest Internet, an office for up to 20 users and guest Internet for up to 100 clients is given. I plan to take a Catalyst 2960 24 switch (WS-C2960-24TC-S) and some cisco gateway. I plan to "saw" the network with vlans into two parts: office and guest Internet, and the gateway should also cut the channel into two parts. A related question: will there be any problems with torrents from the guest vilan, it is necessary that the office traffic be as stable as possible. And the question of choosing a gateway, I climbed onto the kitty site and got lost, there are so many solutions, but I can’t find my own. main criteria: 1) the Internet comes via ethernet, 56Mb 2) you need to share traffic 3) you need a VPN server and client (it will connect to the central office and will receive VPNs from the Internet) 4) Firewall, NAT 5) the option to prohibit bad sites dances from the price tag .

Answer the question

In order to leave comments, you need to log in

6 answer(s)
A
Alexander Mikhailov, 2013-11-14
@asmikhailov

VPN with or without encryption? in principle, Cisco RV016 will be enough for your tasks

T
Timur Tuchkovenko, 2013-11-14
@eill

I would generally stop at some used 1700, they cost a penny on shop.nag.ru.

K
krylovlf, 2013-11-14
@krylovlf

To be honest, I don’t quite understand if I need K9, if K8 loses much, I understand that it’s all about the key length, but is 56bit enough? I still have doubts about QoS, does the piece of iron clearly divide the van into 2 vlans?

A
Alexander Mikhailov, 2013-11-14
@asmikhailov

and you will be encrypted officially? do you have permission? ;)

The 1700s may not pull many encrypted channels - it will die, poor fellow. and with fine-tuning balancing, nat, vpn, etc., they are tight. well, modular interfaces to them, moreover, are already becoming more and more rare and therefore more expensive

R
RazorBlade, 2013-11-28
@RazorBlade

If we consider ISR, then 1941 or even 891 is enough for the eyes (you can not buy a security license for it, although this is illegal). Incoming traffic can be shaped on subinterfaces. VPN is able, both site2site, and client. Blocking "bad" sites will be inconvenient, but possible.
If you take ASA, then the same, at least 5505 or maximum 5510. They are more geared towards encryption and firewall. With additional modules, there is a traffic check for viruses, spam, etc., although you will have to buy subscriptions annually.

D
demon_odinok, 2013-11-29
@demon_odinok

I am leaning towards asashki 5505 in order to buy 2 pieces.

And modules (say ASA-SSM-CSC-10) also take 2 pieces? Then it's cheaper than 5510 with one module and one face

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question