Internal Router Only

Archived from groups: comp.dcom.lans.ethernet

Hi,
I'm trying to source a router for internal routing only. I want to
connect our current network with a network of factory machines which
use a different ip range (Our domain 192.168.1.xxx, Factory
192.168.2.xxx). I'm after a reasonably priced solution that will
prevent packets from the factory network reaching the office network,
but still allow the office to connect to the factory machines. I'm
assuming that I will need a router with 2 ethernet ports that will
connect to the appropriate switches. Could anyone recommend a good
solution that isn't too expensive? (was thinking up to £500ish). I don't
want anything too fancy as I don't need firewall/vpn/adsl etc. just
internal routing.

Thanks
  1. Archived from groups: comp.dcom.lans.ethernet

    coconutpete@hotmail.com (Mark) wrote:
    >prevent packets from the factory network reaching the office network,
    >but still allow the office to connect to the factory machines.

    Won't a 'home' router along the lines of a Linksys BEFSR41 (or 11)
    with the WAN port pointing at the factory and the LAN port pointing at
    the office network do what you want? [You'll probably want to disable
    the DHCP server on the LAN port.]
  2. Archived from groups: comp.dcom.lans.ethernet

    Does anyone have VPN performance numbers for the 830 series? (pps I
    guess).

    I have done a quick search and can find (as usual with Cisco
    performance numbers) exactly nothing.
    I am interested specifically in IPSEC.
  3. Archived from groups: comp.dcom.lans.ethernet

    In article <2f68fab2.0501310308.355d7fcb@posting.google.com>,
    Mark <coconutpete@hotmail.com> wrote:
    :I'm trying to source a router for internal routing only. I want to
    :connect our current network with a network of factory machines which
    :use a different ip range (Our domain 192.168.1.xxx, Factory
    :192.168.2.xxx). I'm after a reasonably priced solution that will
    :prevent packets from the factory network reaching the office network,
    :but still allow the office to connect to the factory machines.

    That can't be done if you are using TCP. TCP *needs* return
    packets: you *want* packets to return from the factory network
    if you are using TCP.

    Perhaps a more precise criterion would be that you do not want the
    factory network to be able to initiate connections to the office
    network? If so, then what are your plans with respect to DNS,
    WINS, email, intranet to be able to read the Material Safety Data Sheets,
    and so on? Are you planning to use a network monitoring package
    that uses SNMP to examine the state of the switches and/or devices?
    SNMP is UDP based, and UDP can't tell replies from new transmissions.

    :I'm
    :assuming that I will need a router with 2 ethernet ports that will
    :connect to the appropriate switches.

    Not completely true: you could do it with a single port "router
    on a stick" if the router and your switch support 802.11Q VLANs.

    :Could anyone recommend a good
    :solution that isn't too expensive? (was thinking up to £500ish). I don't
    :want anything too fancy as I don't need firewall/vpn/adsl etc. just
    :internal routing.

    £500 would easily cover a true firewall such as a PIX 501, but as
    the other poster pointed out, you can probably get away with a
    D-Link or Linksys or Netgear device that has stateful packet inspection
    (SPI). These devices tend to assume that you have many addresses
    on the secure side that are to be network address translated (NAT)
    into one [or sometimes two] source IPs as they go out. If your factory
    machines will have a need to differentiate between different office
    sources (e.g., for logging or authentication purposes, or because
    you have some protocols other than TCP or UDP in the mix), then
    you will have to do a bit more digging.

    I don't recall that you gave any bandwidth estimates that the
    router would need to handle?


    If, after reflection upon the points I raise above, you find that
    your situation is more complex than you were previously thinking,
    then you might find that a Cisco PIX 501 (possibly
    with the optional "50 user license"), or Cisco 837 VPN Bundle
    might make more sense.
    --
    The image data is transmitted back to Earth at the speed of light
    and usually at 12 bits per pixel.
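
Added example, not part of the original thread: a toy Python model of the stateful filtering discussed in the reply above, showing why TCP return packets must pass, why a factory-initiated connection can still be refused, and why UDP "replies" are only a guess based on a recent reversed 5-tuple. The host addresses, ports and the 30-second UDP timeout are constructed assumptions, not values from any real device.

```python
from ipaddress import ip_address, ip_network

OFFICE = ip_network("192.168.1.0/24")    # ranges from the original post
FACTORY = ip_network("192.168.2.0/24")
UDP_TIMEOUT = 30  # seconds; assumed value, real devices differ

class StatefulFilter:
    """Office may initiate to factory; factory may only answer."""

    def __init__(self):
        self.flows = {}  # (proto, src, sport, dst, dport) -> time last sent by office

    def allow(self, proto, src, sport, dst, dport, flags="", now=0.0):
        s, d = ip_address(src), ip_address(dst)
        if s in OFFICE and d in FACTORY:
            self.flows[(proto, src, sport, dst, dport)] = now  # create/refresh state
            return True
        if not (s in FACTORY and d in OFFICE):
            return False  # not traffic between the two networks
        key = (proto, dst, dport, src, sport)  # the office-side flow this would answer
        if key not in self.flows:
            return False  # unsolicited: the factory side is initiating
        if proto == "tcp":
            if flags == "S":
                return False  # a bare SYN opens a new connection, it is never a reply
            if "R" in flags:
                del self.flows[key]  # a reset ends the connection
            return True
        # UDP has no flags: a "reply" is only a reversed 5-tuple seen recently enough
        if now - self.flows[key] > UDP_TIMEOUT:
            del self.flows[key]
            return False
        return True

def demo():
    fw = StatefulFilter()
    pc, plc = "192.168.1.10", "192.168.2.20"  # constructed sample hosts
    packets = [
        ("tcp", pc, 40000, plc, 80, "S", 0.0),     # office opens a connection
        ("tcp", plc, 80, pc, 40000, "SA", 0.1),    # the return packet TCP needs
        ("tcp", plc, 5000, pc, 445, "S", 0.2),     # factory tries to initiate
        ("udp", pc, 50000, plc, 161, "", 1.0),     # SNMP poll from the office
        ("udp", plc, 161, pc, 50000, "", 2.0),     # SNMP response
        ("udp", plc, 161, pc, 50000, "", 100.0),   # same tuple after the timeout
        ("udp", plc, 162, pc, 162, "", 101.0),     # unsolicited datagram
    ]
    return [fw.allow(*p) for p in packets]

if __name__ == "__main__":
    print(demo())
```
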
  4. Archived from groups: comp.dcom.lans.ethernet

    In article <1107207963.419972.234880@f14g2000cwb.googlegroups.com>,
    <anybody43@hotmail.com> wrote:
    :Does anyone have VPN performance numbers for the 830 series? (pps I
    :guess).

    :I have done a quick search and can find (as usual with Cisco
    :performance numbers) exactly nothing.
    :I am interested specifically in IPSEC.

    A question probably better put to comp.dcom.sys.cisco, but no
    matter, I've looked up the numbers recently anyhow:

    http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/netbr09186a00801f0a72.html

    Cisco 830: 10 tunnels (peers), 7 Mbps 3DES, 2 Mbps AES-128

    The high 3DES relative to the AES-128 is due to the fact that
    the 831, 836, and 837 have hardware DES and 3DES acceleration that
    does not support AES, so AES is done in software.

    For comparison, since you appeared to be reacting to my mention
    of the Cisco 837: the Cisco PIX 501 is 3 Mbps 3DES, 4.5 Mbps AES-128
    [software in both cases], and the PIX 506E is 17 Mbps 3DES,
    30 Mbps AES-128 [hardware support.]


    For Cisco IOS routers, a useful performance comparison can be found at
    http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf
    These are raw pps figures, not IPSec figures. Different models and
    software releases react differently when additional features such as
    NAT or QoS are added to the mix: some slow down drastically and others
    like the new 2800/3800 series are supposed to be able to keep going at
    full speed with a wide range of features turned on.
    --
    Caution: A subset of the statements in this message may be
    tautologically true.