Router with buit-in Firewall and VPN capability?

[dkraut]

For a small environment (6 sites with 200 users total) and a small mobile workforce, do you lose any functionality by using a single router at each site to do routing, firewall and VPN all in one box as opposed to using a separate router, PIX firewall and VPN Concentrator? Assuming that we decide on a "single" box solution and that all sites will have a high speed Internet connection, will site A or user JohnDoe be able to route to B, C, D, E and F thru the VPN network? Also, can we for management purposes, force branch offices B and C to route all packets through site A to get to the Internet and all other sites if necessary?

Thanks!!

 

[gconnect]

You don't lose much functionality.

no problem, you should be able to get away (comfortably) with dual fast-ethernet 2621XM's (with the ipsec/fw feature set). That's the route i would take. Should be able to do everything you need. If you go with 1700's you may have to buy extra WICs.

it depends on your topology.
if all the sites will be connected via DSL and VPN, i go with the 2621XM's

if all the sites will be connected via T1(or frac), the 1700's may be the best buy for the smaller offices and 26xxXM for the larger ones.

check out some of the CBAC stuff i have on my site. It may help.

http://www.getconnected-it.com/infoarch.html

-gC-