Zeroshell + Soekris net5501 to replace PIX?


This topic contains 5 replies, has 0 voices, and was last updated by  vasili 9 years, 5 months ago.

  • #41912

    vasili
    Member

    Does anyone have any real-world statistics/info/capacity on using the net5501 with zeroshell that they’d share?

    I have 8 locations that each have a couple of public internet connections and one MPLS connection. These circuits are of varying speeds. I hope to balance traffic across each of these circuits.

    I plan to have lan to lan vpn connections between all sites and each site will support host to lan vpn. Most of the vpn traffic is to our email server, which is in one location for all, and our ERP system (mainly telnet), which is also in the same location. Each site has its own local file servers. We will have some voice and video traffic that would ideally be sent site to site only on the MPLS circuits.

    Number of clients at each location varies from 20-150. Average is probably closer to 50.

    So, my questions are:
    1. I think zeroshell is a good fit for what I’m trying to do. Does anyone see any glaring issues that I’ve apparently overlooked?

    2. Will I be able to bond/balance vpn traffic with public(internet) and private(MPLS) circuits?

    3. Will I be able to prioritize my voice/video traffic and pass it only down the MPLS connection unless it’s down and I have to use the other circuits?

    4. Will the net5501 be a good fit for what I’m doing? Enough horsepower? If not, what would you guys recommend? I’m hoping for embedded, don’t want moving parts that fail. 🙂

    I’m kind of rambling on but for anyone still reading;

    My current setup is:
    Cisco PIX for site to site vpn at all sites. I have a proprietary device outside of PIX that all circuits(except MPLS) connect to. This provides load balancing/fault tolerance. I have Cisco vpn concentrator at one site only on one circuit(can’t multihome) for host to lan vpn users.

    Due to expensive licensing, age of all devices and somewhat shady business practice of the manufacturer of the load balancing unit, I would ideally like to replace the PIX, load balancing unit and vpn concentrator at each location with one zeroshell box. Does this sound possible?

    Thanks for any advice/help you guys can give.

    #48734

    vasili
    Member

    Can anybody give me a quick yes or no on the Soekris for what I am trying to do?
    Do I need more horsepower?

    #48735

    Smokeshow
    Member

    The Soekris will work great at the remote offices; however, I would get something more powerful for the main office. From my personal experience, VPN decoding is very CPU intensive and running 8 VPNs might choke out one of those 5501’s.

    #48736

    vasili
    Member

    Very good. Just what I was looking for. I have my first 2 5501 units that I’m starting to set up and test.

    Thanks for the reply.

    #48737

    vasili
    Member

    Can anyone recommend a good higher end machine for the main office in the above scenario?

    I’d prefer no moving parts, fans, etc., but will probably have to at least have a CPU fan.

    Thanks again

    #48738

    ppalias
    Member

    How about a custom made pc, that is fanless, or with a big heat-sink and a slow fan that won’t be heard at all.
    Choose a CPU that is not emitting too much heat, such as a Celeron. If you are in trouble with CPU utilization due to VPN tunnels, you can install a crypto accelerator.

    #48739

    Smokeshow
    Member

    Take a look at a Mini-Box M300. You can get one fully loaded for about $400 with an Intel Atom Dual Core 330, 2GB RAM, 3 GB NICS and a 4GB CF Drive. The only downside is that it does have a CPU fan.
