I need to chose a cisco router FAST...plz help

[Dark]

Hi, I need to choose a router to use between the ISP router a 1600 and our LAN. So I guess it must be with 2 Ethernet ports and not that expensive. I checked the cisco site and all the 800, 700 and 600 seems to only have one ethernet port.
Plz help.

 

[spidey07]

Cisco 2621 - two 10/100 ports on base with two WIC slots and one network module slot.

 

[Xanathar]

Why do you need a router in between at all? Simply ask the ISP to configure the router as you want. They can configure NAT, DHCP, even firewall rules. If you are trying to create a DMZ, where servers have real IPs, and workstations are firewalled and have NAT addresses, simply get one of the cheap "cable/dsl" routers to throw between the cisco network, and your internal network.

 

[Dark]

nothing less expensive? We thought the ISP would give use management of the router. We need the NAT and to forward some ports to our vpn servers, but it seems they don't want to. They advised us to use a proxy or a router to do the job and they would open all the ports form their sides...The problem is that our client wasn't expecting the extra we'll need to pay for the router.

 

[Dark]

Xanathar: They don't wanna do that. I asked yesterday and they said they're not providing any firewall protection (not even configuring access lists) They're given us 8 public ips but we reserve them for the DMZ in case...
What about that cheap DSL router? any particular model in mind?

 

[Damaged]

That's just fscked up! We include a Cisco 1605-R with T-1 WIC for our T-1 customers, and a Netopia 3500R-U for our dedicated ISDN customers and we configure them to their needs ALL the time. If that's all they're going to do with the danged router they ought just give you a damned bridge!

You oughta do password recovery on the Cisco router and screw them.

If all you need is a cheap ethernet to ethernet router I think NetGear makes one.

 

[Dark]

Damaged: That's what I thought too. When I talked to our client, I advised him to look for another provider but it seems he managed to convince my client. When I spoke to them on the phone they weren't willing to give us any support and I'm just afraid that each time I need to tweak the router to make the vpn work, i'm gonna need to call them and wait for them to move their arses...they don't seem willing to help and that scares me since i'm the one who has to deal with customer.

 

[Damaged]

Hmm, well your cheapest solution here would be to find and old puter and use Linux to run ipchains/ipmasq. The issue here is support though. I mean if you don't know the OS that's a problem, and if you ever lose your contract with the customer they're probably gonna be screwed with whomever takes the contract over.

spidey07 know of any good/inexpensive ether->ether routers?

 

[Dark]

refreshing...bump etc. Clock is ticking, I need to take a decision. All the "cheapo" cisco routers sho77 600-800 provides only one Ethernet and ADSL. I don't need the freaking ADSL.
Damaged: I know netgear are good but I feel more comfortable with Cisco.

 

[Damaged]

K, 1605-R then. You don't need a WIC, just the chassis and the Flash RAM. It has 2 ethernet ports that you can configure and route b/w. Much cheaper than a 2621.

 

[spidey07]

Sorry, that's the cheapest router I'd use in a LAN to LAN routing situation especially if you are asking it to do ACLs and NAT. This application is often reffered to as a "choke" router, controlling access, doing VPN/NAT. Besides, 2620s are cheap.

spidey

 

[Damaged]

Agreed it's the cheapest Cisco to do the job. It also limits you as you can't expand it, where as you could with a network module slot available in the 2621.

 

[UnixFreak]

I would go with the ciscos, these are great routers, and run a hub out the back of it, you can configure your nat tables for VPN, use
set nat ent add 10.0.0.2 0 47 replace 10.0.0.2 with your global, and your set. thats what I would do.

 

[Dark]

Thx a lot guys. I owe you one .
Spidey: just to make sure, you wouldn't use a netgear RT311 for that purpose?
Xanathar, Damaged, Spidey, Unixfreak Thx a bunch

 

[spidey07]

Just a difference of opinion.

I personally would stay with the 2621. I'm sure others disagree.

Asking a router to to NAT, VPN, ACLs AND LAN ROUTING actually does require a substancial bit of processing power unless you want it to run like a terd.

 

[Dark]

Thx a lot all. I checked the price of the 1605. Do I have the option to get it without the WIC? it costs 1600 Canadian dollars

 

[Damaged]

Hmm, 1600 CDN, probably the price w/o the WIC. What WIC do they include?

 

[Dark]

I'm gonna ask. I'll get back to you as soon as possible.

 

[Dark]

Man those Cisco resellers are something They didn't know if it was possible to buy it without the WIC. They wanted me to ask Cisco directly which I did. The guy at Cisco told me that it was possible to buy the router without the WIC and that it was the same part number (of course i've been told that by Spidey and Damaged ) again the resellers were like: "If you don't have a part number, it's like it doesn't exist for us". It seems like we'll have to take the WIC cos they don't seem willing to sell it without. So 1600 canadian is for the 1605-R with the WIC.
Do you guys know which rebate they give if the some of the companie's staff is certified cisco?

 

[Damaged]

Sorry no clue there. We have a contract with Solunet, and I don't do the purchasing/ordering. I simply say "hey I need such and such. How long will it take to get it?"

 

[Dark]

Damaged: hehehe I c.
Spidey: any clue?

 

[CTR]

No discount for having a cisco-certified person at your biz. Resellers have to maintain a certain number of cert's to keep reseller status. Discounts are then determined by the reseller's volume. But from what I have seen in this thread, you are probably not going to get any discount. When you get a quote from the VAR, post it and we'll take a look. I used to give quotes on 1605-R's all the time. And I'm SURE spidey will have something to add...he ALWAYS does.

 

[Dark]

Now I look stupid . Thx CTR. I'll post the quote as soon as possible.