Firewall Wizards mailing list archives
RE: ethernet-to-ethernet router: a piece of the puzzle
From: Todd Schroeder <todd () stipples com>
Date: Fri, 15 Dec 2000 07:43:32 -0600
While a 2600 could meet the needs specified, it will not route at 10mbps. As I recall, a 2600 tops out around 3mbps (I'm going from memory here, so grant me some slack). I believe you need to get up to at least a 3640 for 10mbps routing. If you're adding encryption at the router, you'd be wise to beef up the CPU a bit. Perhaps a 3662.

-Todd

| A Cisco 2600 would do the trick. A 3600 would give you room to grow,
| interface wise; and a top end 3600 (3660) would give you plenty of cpu in
| case you needed it later. Are the VPNs ptp? E.g. if you have two PCs
| using a vpn client, then the router would have no extra overhead. If the
| router is one end of a branch-branch or client-server tunnel, then you
| would need more cpu, depending on the bandwidth and encryption scheme.
|
| A Nortel CES would do the job really well, as a router, vpn engine, and
| even firewall. I would think a CES 2600 would do it (3des, ipsec, 65Mbps
| throughput, 1000 tunnels.) The windows client software for the CES
| rocks--lightweight, small footprint, easy to use, and conflicts with
| nothing.
|
| Linux on a PII 450 with 128MB ram and a 20GB hd would do it as well, using
| FreeSWAN and IPchains. Harden the OS though (Bastille would do this for
| you.) Great solution. Inexpensive too.
|
| *BSD is a great OS, but I haven't used it in years, so I don't know what
| firewall/vpn/routing capabilities it has.... Rock solid, great
| networking, fantastic os.
|
| --
| --
| --Patrick Darden Internetworking Manager
| -- 706.354.3312 darden () armc org
| -- Athens Regional Medical Center
|
| On Wed, 13 Dec 2000, Irwin R. Naumann wrote:
|
| > What would you recommend as an ethernet-to-ethernet "router" situated between
| > a 10Mb fibre link WAN and an ethernet LAN?
| >
| > This would be the first piece of an in-depth security defense.
| >
| > Requirements:
| > o ingress/egress filtering for RFC1918 addresses, spoofed addresses, reserved
| >   network addresses, NETBIOS, other specific ports
| > o FTP traffic from web/ftp server (5-10 MB per download)
| > o routing minimum 2 Class C network equivalents
| > o VPN for 5-10 users
| > o DMZ
| >
| > There will be a Stateful Packet Filter firewall sitting between the "router"
| > and the LAN.
| >
| > Would you recommend a hardware only solution?
| >
| > What size CPU and memory would adequately handle a *BSD solution running ipfilter
| > with 2 or 3 NIC's?
| >
| > I have begun to look at the Gnatbox, Netopia 9100R, Cayman Router,
| > Cisco 1600 Series, SonicWall Pro, Multicom Ethernet II, WebRamp 700.
| >
| > Experiences with any of the above appreciated.
| >
| > Does anyone in *North America* have experience with Lightning's Multicom
| > Ethernet II router?
| >
| > Thanks,
| >
| > Irwin
| >
| > _______________________________________________
| > firewall-wizards mailing list
| > firewall-wizards () nfr com
| > http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- ethernet-to-ethernet router: a piece of the puzzle Irwin R. Naumann (Dec 14)
- Re: ethernet-to-ethernet router: a piece of the puzzle Patrick Darden (Dec 15)
- RE: ethernet-to-ethernet router: a piece of the puzzle Todd Schroeder (Dec 20)
- RE: ethernet-to-ethernet router: a piece of the puzzle Michael Nelson (Dec 24)
- RE: ethernet-to-ethernet router: a piece of the puzzle Todd Schroeder (Dec 20)
- Re: ethernet-to-ethernet router: a piece of the puzzle Tom Kistner (Dec 15)
- Re: ethernet-to-ethernet router: a piece of the puzzle Patrick Darden (Dec 15)