Home Network overkill?

fly351 Member Posts: 360
So I just put an offer on eBay for a Cisco 3725 router with an AIM-VPN/EPII-Plus. I figured this way I can VPN home, practice Cisco configuring, plus have some better security for my house. I know the router is EOL but the functionality and being able to get some practice on a higher end router is a plus to me. Thoughts?
CCNP :study:

Comments

  • Hyper-Me Banned Posts: 2,059
    If you wanna do it, do it.

    I think using enterprise level stuff in your home solely for the idea of protection is overkill and silly, but if you are trying to learn the stuff as well then it's worthwhile.
  • tiersten Member Posts: 4,505
    The 3725 won't give you any more security over a decent generic home router. I'm not sure whether it supports the IDS features or not but if you do enable it then expect throughput to drop like a stone.

    If you want to run CBAC/IPS on a router then you'll need something like a high-end 2800 to even come close to handling the average home broadband internet connection. Otherwise you'll have to do the multiple box route and get an ASA and one of the IPS boxes. The cheaper route would be to get Untangle running on a spare PC somewhere.
  • keenon Member Posts: 1,922
    There is no overkill if you're trying to learn something. If anything, the router can go in your lab.
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • Stotic Member Posts: 248
    Save yourself the trouble and just use Hamachi VPN with a cheap router.
  • fly351 Member Posts: 360
    tiersten wrote: »
    The 3725 won't give you any more security over a decent generic home router. I'm not sure whether it supports the IDS features or not but if you do enable it then expect throughput to drop like a stone.

    Yes, the 3725 does support IDS. I did manage to find the throughput using an IDS NM; seems like it's plenty for my home connection.

    NM-CIDS-K9 Throughput: up to 45 Mbps in the Cisco 3700 Series
    CCNP :study:
  • fly351 Member Posts: 360
    Stotic wrote: »
    Save yourself the trouble and just use Hamachi VPN with a cheap router.

    That really doesn't help me learn Cisco though... takes away 1 of my 2 reasons for this setup.
    CCNP :study:
  • tiersten Member Posts: 4,505
    fly351 wrote: »
    Yes, the 3725 does support IDS. I did manage to find the throughput using an IDS NM; seems like it's plenty for my home connection.

    NM-CIDS-K9 Throughput: up to 45 Mbps in the Cisco 3700 Series

    Yeah but you don't have an IDS NM :P They're generally not cheap on the secondhand market. If you don't have a NM or AIM that does it for you then you'll have to use the version built into IOS which uses the router processor and that is where you get the issues with throughput.

    A 3725 is rated for 120KPPS/61.4Mbps but that is with nothing at all enabled like CBAC or IPS. The rule of thumb is that you halve the rated throughput for every feature you enable.

    I use an 1841 as my router and it is rated for 75KPPS/38.40Mbps and if I enable everything then the throughput drops to around 3Mbps and CPU utilisation is extremely high. Cisco only rate it to handle a single T1/E1 with everything enabled.
  • fly351 Member Posts: 360
    tiersten wrote: »
    Yeah but you don't have an IDS NM :P They're generally not cheap on the secondhand market.

    So I could run an IDS as part of the IOS without the hardware?

    See why I need experience?
    CCNP :study:
  • tiersten Member Posts: 4,505
    fly351 wrote: »
    So I could run an IDS as part of the IOS without the hardware?

    According to the feature navigator you can do IOS IPS on a 3725 if you have 12.4T. You'll need to get a copy of the IPS signatures however since they're not packaged with IOS.
  • Aldur Member Posts: 1,460
    I think that this is a great idea for learning purposes. I bought a Juniper SRX210 for my home lab and then hooked it up to my internet connection. I ended up running into problems like not receiving DHCP replies on an interface, or having wanted traffic blocked by the firewall.

    Was spending about 1k for a home internet router overkill? Absolutely! Was it worth it to actually run into and troubleshoot some real world problems? Definitely!

    Sure, I could have just left this router/firewall in my lab and run my connection through my 2wire router that my ISP provided, but I've learned more from putting it in my 'production network' than I ever could have leaving it in my lab.
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
  • tiersten Member Posts: 4,505
    Aldur wrote: »
    Was spending about 1k for a home internet router overkill? Absolutely! Was it worth it to actually run into and troubleshoot some real world problems? Definitely!

    If you're a Swedish grandmother then you'll have a CRS-1 in your garden shed :D
  • keenon Member Posts: 1,922
    Exactly, a good learning experience is at hand.
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • fly351 Member Posts: 360
    Thanks for the help everyone. Once I get it in and configured I will check the throughput over my 16mb connection and post the results.

    As far as the NM-CIDS... I will decide on that later.
    CCNP :study: