said by vincentkable:
Currently the offices are using tomato routers and linux servers for the following services:
1. Multi wan with failover and load balancing
2. Real time b/w usage
3. Application traffic view
4. QOS: 300+ polycom 650 voip phones. Couple of asterisk servers
6. Site to site vpn between 20 locations (offices+datacenters)
6a. Selective routing of VPN traffic
6b. H/W accelerated crypto
7. Remote workers accessing the network using VPN client.
All options are doable by the hardware you are initially looking at. To clarify further on points 2, 3, and 6a,
For 2 and 3, are you looking for SNMP-based monitoring? Netflow?
For 3 specifically, again are you looking into what Netflow can do, or are you talking application inspection / web
filtering capabilities? Be aware that ISR routers are VERY limited in web filtering capabilities -- better to
get a separate device / appliance to do this with.
For 6a, presuming you are referring to split tunnel and nonsplit tunnel VPNing, or something like DMVPN?
For the data center, I'd probably stick to the 3845 rather than the 3825, simply because it's going to be
a headend for all your traffic, and for add'n growth room.
Your 100Mbps pipe, is that a Committed Information Rate, or Burstable rate? Is the provider handing
you a fiber connection or pulling a RJ-45 cable to your equipment? If the former, you may have to budget
for additional hardware modules (ATM / POS / serial / NM-x or xWIC cards) for the connectivity. I'd also
budget for extra VPN accelerator cards -- you may want to check out Cisco's VPN performance guide here.
For VPN, are you looking for IPSec / client based connectivity, or SSL VPN? Be aware that the latter also
carries its own licensing (per seat / user-based) and configuration issues that you'll have to budget and
said by vincentkable:
2. The current plan is to buy the cisco gear from ebay / craigslist.
Be aware no smartnet gets you a) no support from Cisco TAC beyond what is available on their website and/or
what you can crib from the internet, and b) no IOS software. You'll likely need Advanced Security minimum loaded
onto all your gear to do what you're asking to do, so if you get gear without that level of IOS, you're SOL. Also,
be aware that ebay / craigslist gear carries its own issues of DOA / faulty gear as well. See the old saying of
"you get what you pay for," but if you're comfortable with your risk level, go for it.
Just my 00000010bits.