Professional Documents
Culture Documents
Home
Cisco 1921/ K9
Answered Question
1: At my Corp Office i have installed a Cisco 1921 /K9, I want to know that how many IPSec
VPN Tunnel Cisco 1921 /k9 can support and what is the IPSec VPN throughput ?
2: I have connected a bandwidth link (150 Mbps Download and 25 Mbps upload) to my Cisco
1921/K9, i want to know whether Cisco 1921/K9 is capable to handle 150Mbps Bandwidth ?
3: If one of my retail location is running on 10Mbps bandwidth on Cisco RV220W connect to
Corp Office's Cisco 1921/K9. how much bandwidth IPSec tunnel will use?
4: I have 200 Retail locations and each have 3 computer and 5 computers maximum, Connect
over wifi and wires (Mix few are on wifi and few are wired) Which one is batter to install at
Retails location Cisco RV325 or Cisco RV220W.
Thanks,
Sandy
Replies
Collapse all
Recent replies last
The 1921 is far to slow for that task. With a limited budget, I would go at least for a 2921 if it
should be an ISR G2. But there are now the newer ISR4000, where the 4331 looks like a good
choice.
And for real redundancy, you should have two of them, one for each internet-connection. Or
one faster one for the primary link and the 1921 for the backup link. But with the 1921, only
150 tunnels are supported.
For the retail locations I wouldn't use one of the SMB-devices. The 800 series routers should be
fine there.
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
You don't need two firewalls to operate both links, but if you wan't also some level of HA, you
should have two of them. Two 5515-X could be the right device for your needs if you want to
primarily firewall internet-traffic. If you also have much traffic from inside to to different DMZs
(or between DMZs), then the 5525-X could be the right one.
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
ISP1:
CORP Servers
ISP2:
Thanks,
Sandy (Sandeep Sharma)
Sandy@wer-wireless.com
Direct: +01-856-812-0158
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
Please check the below mentioned network diagrams, which one is correct to achieve what i
need....
FIREWALL5512
ISP2:
CORP Servers
CISCO 4331 (IPSec VPN Tunnel)
CORP Servers
ISP2: ---> FIREWALL 5512 ---> CISCO 4331 (IPSec VPN Tunnel)
As per Cisco; License and total number of IPSec combines if we are using Active/Active mode in
load sharing and fail over. (I am not sure please make me correct if i am wrong here)
if it's correct then we can use Cisco 1921 after applying performance license and in that case total
number of Tunnel and throughput would be increased...
CORP Serve
ISP2: ---> FIREWALL 5505 ---> CISCO 1921 (IPSec VPN Tunnel)
Thanks,
Sandy
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
It all depends on how you want your network to behave. Typically I would set it up the
following way:
Both ASAs in Active/Standby Failover. Thats the reason for 5515-X, the 5512-X needs an
extra license for FO. 5512-X +SecPlus license is exactly the same list price as the faster
5515-X.
Both routers terminate the VPNs with VTIs or FlexVPN. Thats also a reason for ISRs on the
spokes. With a routing-protocol you control the routing to the sites.
The ASAs are connected to both ISP on two outside interfaces
The routers are connected to both ASAs on a shared WAN-interface. Here you can control the
traffic by extending the routing to the ASA or by using HSRP to send the traffic to one
router.
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
See More
1
2
3
4
5
Average Rating: 2 (1 ratings)
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
Corp Location:
2 x Cisco ASA 5515-X w/IPS Provides VPN termination, basic routing from ISP connection, IPS
services and Firewall services
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
250 Mbps
(extra hardware not required)
1 Gbps
500 Mbps
200 Mbps
Thanks,
Sandy
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
200 Mbps
Unlimited
250
@ Retail Location:
Which one you suggest from Cisco 800 Series ? each retail location have minimum 3,
maximum 5 users/computers @ different internet speed. 50 Locations are running on 50 Mbps
Download and 10 Mbps upload speed, 10 are running on 10Mbps and reaming are running at
7Mbps. and at each location we need 2 wifi SSIDs one for guest access and another to connect
wifi all in one computers. becasue each location is a retails location and not all computers are
hired wired.
Why not Cisco RV325 ro Cisco RV220W ? both support 25 IPSec VPN Tunnel and at 100 Mbps
throughput.
Thanks,
Sandy
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
Correct Answer
For the retail locations I would look at the 880s series. They are available with integrated
ADSL/VDSL modems and also wireless. The WLAN can be controlled by a WLC.
The management is the reason I wouldn't use the RV-devices. As far as I know, they still don't
have anything that is IOS-like. The AP can be controlled with a WLC which also makes
management quite easy.
For the 4000 router, I only know what is stated in the data sheet and the licensing part of
the config-guide (the last Cisco 4000 router I operated was from a decade ago ... ;-) ).
But there are again feature-licenses like SEC/HSEC that you would need.
It seems that the performance is completely controlled by the license and the 100/300 MBit/s
is the performance with services. But without the HSEC-license you are limited (as with many
cisco routers) to 85 MBit/s encrypted bandwidth and 225 tunnels.
See More
1
2
3
4
5
Average Rating: 5 (1 ratings)
ISR 4331 with 3 onboard GE, 2 NIM slots, 1 ISC slot, 1 SM slots,
4 GB Flash Memory default, 4 GB DRAM default
Default is 100 Mbps, to gain 300 Mbps need to purchase a PERF license...
Platform
ISR4331
Performance-on-Demand License
FL-4330-PERF-K9
Features
See More
1
2
3
4
5
Average Rating: 0 (0 ratings)
https://supportforums.cisco.com/discussion/12370391/cisco-1921-k9