
Internal Router Only

January 31, 2005 6:08:09 AM

Archived from groups: comp.dcom.lans.ethernet

Hi,
I'm trying to source a router for internal routing only. I want to
connect our current network with a network of factory machines which
use a different IP range (Our domain 192.168.1.xxx, Factory
192.168.2.xxx). I'm after a reasonably priced solution that will
prevent packets from the factory network reaching the office network,
but still allow the office to connect to the factory machines. I'm
assuming that I will need a router with 2 Ethernet ports that will
connect to the appropriate switches. Could anyone recommend a good
solution that isn't too expensive? (was thinking up to £500ish). I don't
want anything too fancy as I don't need firewall/vpn/adsl etc. just
internal routing.

Thanks


Anonymous
January 31, 2005 10:13:26 AM

Archived from groups: comp.dcom.lans.ethernet

coconutpete@hotmail.com (Mark) wrote:
>prevent packets from the factory network reaching the office network,
>but still allow the office to connect to the factory machines.

Won't a 'home' router along the lines of a Linksys BEFSR41 (or 11)
with the WAN port pointing at the factory and the LAN port pointing at
the office network do what you want? [You'll probably want to disable
the DHCP server on the LAN port.]
Anonymous
January 31, 2005 4:46:03 PM

Archived from groups: comp.dcom.lans.ethernet

Does anyone have VPN performance numbers for the 830 series? (pps I
guess).

I have done a quick search and can find (as usual with Cisco
performance numbers) exactly nothing.
I am interested specifically in IPSEC.
Anonymous
January 31, 2005 9:17:54 PM

Archived from groups: comp.dcom.lans.ethernet

In article <2f68fab2.0501310308.355d7fcb@posting.google.com>,
Mark <coconutpete@hotmail.com> wrote:
:I'm trying to source a router for internal routing only. I want to
:connect our current network with a network of factory machines which
:use a different ip range (Our domain 192.168.1.xxx, Factory
:192.168.2.xxx). I'm after a reasonably priced solution that will
:prevent packets from the factory network reaching the office network,
:but still allow the office to connect to the factory machines.

That can't be done if you are using TCP. TCP *needs* return
packets: you *want* packets to return from the factory network
if you are using TCP.

Perhaps a more precise criterion would be that you do not want the
factory network to be able to initiate connections to the office
network? If so, then what are your plans with respect to DNS,
WINS, email, intranet to be able to read the Material Safety Data Sheets,
and so on? Are you planning to use a network monitoring package
that uses SNMP to examine the state of the switches and/or devices?
SNMP is UDP based, and UDP can't tell replies from new transmissions.

:I'm
:assuming that I will need a router with 2 ethernet ports that will
:connect to the appropriate switches.

Not completely true: you could do it with a single port "router
on a stick" if the router and your switch support 802.11Q VLANs.

:Could anyone recommend a good
:solution that isn't too expensive? (was thinking up to £500ish). I don't
:want anything too fancy as I don't need firewall/vpn/adsl etc. just
:internal routing.

£500 would easily cover a true firewall such as a PIX 501, but as
the other poster pointed out, you can probably get away with a
D-Link or Linksys or Netgear device that has stateful packet inspection
(SPI). These devices tend to assume that you have many addresses
on the secure side that are to be network address translated (NAT)
into one [or sometimes two] source IPs as they go out. If your factory
machines will have a need to differentiate between different office
sources (e.g., for logging or authentication purposes, or because
you have some protocols other than TCP or UDP in the mix), then
you will have to do a bit more digging.

I don't recall that you gave any bandwidth estimates that the
router would need to handle?


If, after reflection upon the points I raise above, you find that
your situation is more complex than you were previously thinking,
then you might find that a Cisco PIX 501 (possibly
with the optional "50 user license"), or Cisco 837 VPN Bundle
might make more sense.
--
The image data is transmitted back to Earth at the speed of light
and usually at 12 bits per pixel.
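
The distinction drawn in the reply above (return packets versus newly initiated connections, and UDP having no handshake to tell them apart), as an added example that is not part of the original thread: a minimal Python model of a stateful filter between the two ranges from the question. The host addresses, ports and the 30-second UDP timeout are constructed values.

```python
import ipaddress

OFFICE = ipaddress.ip_network("192.168.1.0/24")    # ranges from the question
FACTORY = ipaddress.ip_network("192.168.2.0/24")
UDP_TIMEOUT = 30  # seconds a UDP flow stays "open"; assumed value

class StatefulFilter:
    """Toy connection tracker: office may initiate, factory may only reply."""

    def __init__(self):
        self.flows = {}  # (proto, src, sport, dst, dport) -> time last sent by office

    def allow(self, now, proto, src, sport, dst, dport, syn_only=False):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in OFFICE and dst_ip in FACTORY:
            # Trusted side: record the flow so the reply can be matched.
            self.flows[(proto, src, sport, dst, dport)] = now
            return True
        if src_ip in FACTORY and dst_ip in OFFICE:
            key = (proto, dst, dport, src, sport)  # same flow, office's view
            seen = self.flows.get(key)
            if seen is None:
                return False  # nothing from the office asked for this
            if proto == "tcp":
                # A bare SYN opens a new connection; it is never a reply.
                # (FIN/RST teardown tracking is left out of this model.)
                return not syn_only
            # UDP has no handshake: only a recent matching request makes
            # this packet look like a reply.
            if now - seen > UDP_TIMEOUT:
                del self.flows[key]
                return False
            return True
        return False  # traffic not between the two networks

def demo():
    """Constructed packets: (time, proto, src, sport, dst, dport)."""
    fw = StatefulFilter()
    return [
        fw.allow(0, "tcp", "192.168.1.10", 40000, "192.168.2.20", 80, syn_only=True),
        fw.allow(1, "tcp", "192.168.2.20", 80, "192.168.1.10", 40000),    # SYN/ACK back
        fw.allow(2, "tcp", "192.168.2.30", 40001, "192.168.1.10", 445, syn_only=True),
        fw.allow(3, "udp", "192.168.1.5", 50000, "192.168.2.20", 161),    # SNMP poll
        fw.allow(4, "udp", "192.168.2.20", 161, "192.168.1.5", 50000),    # timely reply
        fw.allow(120, "udp", "192.168.2.20", 161, "192.168.1.5", 50000),  # too late
        fw.allow(121, "udp", "192.168.2.20", 50001, "192.168.1.5", 162),  # unsolicited trap
    ]
```

The last two results show the SNMP case: once the timeout has passed, or for a trap the office never polled for, the filter has no request to match the packet against and drops it.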
Anonymous
February 1, 2005 1:02:53 AM

Archived from groups: comp.dcom.lans.ethernet

In article <1107207963.419972.234880@f14g2000cwb.googlegroups.com>,
<anybody43@hotmail.com> wrote:
:Does anyone have VPN performance numbers for the 830 series? (pps I
:guess).

:I have done a quick search and can find (as usual with cisco
:performance numbers) exactly nothing.
:I am interested specifically in IPSEC

A question probably better put to comp.dcom.sys.cisco, but no
matter, I've looked up the numbers recently anyhow:

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/net...

Cisco 830: 10 tunnels (peers), 7 Mbps 3DES, 2 Mbps AES-128

The high 3DES relative to the AES-128 is due to the fact that
the 831, 836, and 837 have hardware DES and 3DES acceleration that
does not support AES, so AES is done in software.

For comparison, since you appeared to be reacting to my mention
of the Cisco 837: the Cisco PIX 501 is 3 Mbps 3DES, 4.5 Mbps AES-128
[software in both cases], and the PIX 506E is 17 Mbps 3DES,
30 Mbps AES-128 [hardware support.]


For Cisco IOS routers, a useful performance comparison can be found at
http://www.cisco.com/warp/public/765/tools/quickreferen...
These are raw pps figures, not IPSec figures. Different models and
software releases react differently when additional features such as
NAT or QoS are added to the mix: some slow down drastically and others
like the new 2800/3800 series are supposed to be able to keep going at
full speed with a wide range of features turned on.
--
Caution: A subset of the statements in this message may be
tautologically true.