
Can you recommend a CISCO for my setup? Replacing a Linksys Router.


benzguy777

Vendor
Sep 17, 2002
We want to change our Linksys BEFSR41 Router to a CISCO. Hope someone can recommend what model we get as I am not so familiar with Cisco.

It should have all the features of the Linksys + VPN capabilities. We use port forwarding, PPPoE for connection to our DSL modem, DMZ and other Linksys BEFSR41 features.

An entry-level Cisco would do as long as it has VPN + Linksys features.

Thanks!
 
Well Linksys is Cisco... but I guess that's not the answer you were looking for! What sort of VPN functions are you looking for? Do you want the router to connect back to a central office, or do you want remote users to be able to connect to your network through this router? If so, how many VPN sessions do you want to run simultaneously? Have you contemplated something like - could provide all the functions you need much cheaper than a Cisco device, and has an easier to use interface.

Adam
 
Absolutely NOT is a Linksys *router* a Cisco. While it is true that Linksys was bought by Cisco, that does not suddenly give the Linksys the capabilities of a Cisco router.

Also, we need to clarify something else. A router generally will not have a DMZ port; a firewall will have a DMZ port. So do you need a "router" or a "firewall"? Based on your question, I would say that you want to replace the Linksys with a real firewall?

If that is the case, Cisco has some choices but they are not cheap. A better choice for the SOHO and at the same price point of 500ish dollars (US) is the Nokia/Checkpoint IP40. Solid unit with a DMZ port. SonicWall has one also but I've not been nearly as impressed (read as happy) with Sonicwall or their support. There are a dozen solutions based on Linux for pay or free. One that comes to mind is Smoothwall. A site with some good info is :
All of this is based on needing a DMZ port. If the DMZ goes away, then it's a different ballgame.

MikeS



Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
I wasn't trying to infer that a Linksys router was of the same caliber as a Cisco box... perhaps I should have said <sarcasm>Well Linksys is Cisco... but I guess that's not the answer you were looking for!</sarcasm>. I'm a huge fan of Cisco equipment... I run an all Cisco network here at work. I'm currently a CCNA working on a CCNP certification, so my career is invested in them as well. I am also a strong supporter of Linksys equipment for home and small office use. We have a Cisco VPN concentrator here at the main site and have a lot of remote users connecting over broadband. If they want to get some sort of router to share their connection at home, I always recommend that they get a Linksys device. I've had very few problems with them, and they are extremely easy for a networking novice to use. I've had users try to use SMC and D-Link devices and have had nothing but nightmares. Having said that... a Cisco device will always have more capabilities and grunt than a Linksys device, it just depends on whether you need those extra capabilities, and if you want to pay for them.

Adam Blomfield - CCNA
 
The Cisco Pix 501 should be less than $500 for 10 users, up to about $800 for unlimited users. I've also had less than stellar experiences with Sonicwall.

I've never actually used a Pix other than the 515. If you've got the budget I'd suggest the 506 (around $1000)
 
Let's keep the home users away from the SOHO user. Completely different requirements. I would never recommend a Linksys for any SOHO or anyone who had things like stock trades from home or other valuable information at risk. From a security standpoint, a Linksys is marginal at best but then it was never intended to be a high security device to start with. Benzguy did not specify exactly what he wants to protect but I'm guessing a business interest of some kind. I've deployed Sonicwalls, PIXs, Linksys, Nokia and other firewalls and I tend to use what fits the task at hand within a reasonable set of parameters. It's the same argument about MTB helmets when I rode a lot. Are your brains worth the 10 dollar helmet or the 50 dollar helmet? It astounded me that someone would spend hundreds of dollars for Ti nuts and bolts to save a few grams and cheap out on the helmet protecting the item that science cannot repair. So is it better to spend thousands of dollars on a workstation at a home office, working with business documents worth even more money and protect all of this with a throwaway device for under 60 bucks? This makes zero sense in the big picture. It makes even less sense when here in CA if you are a business and get hacked, you have to say it in PUBLIC and if it came out that you were hacked due to the failure of a 60 dollar cheapo "firewall/router" at a SOHO, the sharks would be on you so fast, your head would spin.

Even the average home user is at risk any more as more and more bad guys are starting to understand that the average user, with their cheapo firewall is ripe for the picking of all kinds of personal information ranging from credit cards, passwords and banking info in the form of Quicken etc. It's bad enough with the worms and backdoors, why make it any easier?

:::stepping down off soap box:::

After having to clean up a few nasty messes for people, I tend to get wound up about this side of security. Apologies in advance if anyone is offended.

MikeS


 
Thanks for all the info guys. I should have said earlier the nature of our business. We are an Outsourcing Company that connects to our US clients through VPN/Terminal Services to enter data (very confidential).

So we need to have a more secure system. Our initial requirement is for only one client but I see this growing in the near future. As of now we already use Terminal Services to work on the DATA there in the US but we have no secure VPN connection. We use a LINKSYS BEFSR41 Router and want to get CISCO as our client would also want our line to be secure. Our client uses Netscreen 25 (How is this brand compared to CISCO?). Hackers may hack into our system here and if we are connected to our clients the hackers could pass through our system to get to them. So it is also for the peace of mind of our clients that we have secure infrastructure.

I don't think DMZ would be that important. I rarely use this in LINKSYS.

I am more concerned about secure VPN, Compatibility of my CISCO eventually to our future clients in the US which I think would have CISCO, NORTEL or other Good Equipment.

I use port forwarding to open up some services like Remote control of some servers/PCs when I am in another location.

I was looking at the CISCO 1760. We will be connecting this to a PPPoE DSL Modem.

Thanks so much for the help! Will wait for your comments.


Francis
 
To see how well firewalls stack up against one another, check out this link:


Here is the report for Netscreen products:


The 1700 series Cisco was/is designed expressly for the SOHO world and for using VPNs. It's a nice box, very reliable and based on traditional Cisco IOS unlike some of the other "SOHO" devices that Cisco has pushed in the past. Generally speaking, Cisco will talk with anything given the right configuration and Cisco's TAC is the best at sample configurations bar none. Cisco provides for port forwarding in the IOS either dynamic or static, your option. The VPN count for the 1700 series was something like 5 users but I would look that up instead of trusting my admittedly rusty and caffeine deprived memory this AM :) Terminal Services are a good step towards security but I would look into a multilayered approach and not rely strictly on the router/firewall. Look at something like Tripwire to watch the network from the inside in the case of someone punching through the firewall. Make sure the authentication is set up correctly for the TS connection... i.e. don't leave it up all the time and make sure the user has limited rights. Here is a document on securing terminal services.


MikeS


 
If you're looking for an easy to manage and secure system I personally like the Cisco 3000 series of VPN devices. We use a Cisco 3005 Concentrator with 3002 Hardware clients at the remote offices. It plugs directly into a DSL or Cable modem and creates a 3DES 168 bit encrypted tunnel back to the central location. It also has a software client that can allow remote users with notebooks to tunnel back into your network.

3005 Concentrator -
3002 Client -
 
Along the same lines, I am looking to get into the Cisco world and eventually replace my firewall with a Cisco router with firewall, VPN and possibly VoIP (FXS) capabilities as well as the ability to forward traffic on one UDP port to a specific internal IP address - I believe I can do this with a properly configured 1720 - (and that is where I need help!) - any thoughts on cards, IOS releases etc??? - I have a small 5 person office with a cable modem currently going to a SonicWall. Thanks!
 
Another good thing about the 3000 series is that you can enforce policies on the remote users regarding software firewalls and, soon if not now, antivirus.

 
Another thing to keep in mind is that Cisco and other vendors are rolling out the ability to create a "VPN" with SSL instead of IPsec or other protocols. This means there will not need to be an agent on the client in many cases. There is a promised upgrade from Cisco which I'm waiting for to test :)

MikeS


 
I just have to throw this in.

Cisco started by buying other vendors' equipment and slapping their name on it...just like they just did with Linksys. So a Linksys is a Cisco now.

Of course, their equipment has evolved since then; and I am completely pro Cisco.

In fact, the new Linksys models coming out are starting to include some nice changes.
 
hehehe... Cisco has bought other vendors for years. The 1900 switches were originally "Crescendo".. which is why there are two flavors of the 1900. The older full size unit with the RS232 jack on the back and the newer 9.x code 1/2 size chassis with the RJ45.

Their content switches were "Arrow" I think.. never amounted to much but they really wanted the technology, not so much the hardware.

And on and on...

MikeS


 
My 2cents

I changed out my Linksys with an 806 Cisco router. It has a firewall IOS and can be configured for VPNs. Cisco has some better models but the 806 was cheap (less than $300) and easy to set up for PPPoE. I have had no problems with it and the 806 works great for small office and home office setups.

SF18C
CCNP, MCSE, A+, N+ & HPCC

"Tis better to die on your feet than live on your knees!"
 
Looking at the Netscreen 5GT. What do you think? It's GUI so I can manage it.


Problem with the 1760 is that I have to hire CISCO guys once in a while to configure it.

A friend was also recommending a LINUX BOX with IP Tables. Good thing about this is that you can set permissions on only Specific IPs to let into your system.
 
Any firewall or "real" router will let you set access lists to restrict traffic. The Pix also has a gui, or you can use the command line.
 
I personally like the Netscreen. It does VPNs and does all its firewalling in ASICs. The web UI is nice but it also has a very good command line.

NetEng
 