[BillingsLUG] WAN to WAN help question

dan dandenson at gmail.com
Tue Jul 20 11:34:30 MDT 2010


On Tue, Jul 20, 2010 at 1:12 AM, Mike Berry <madeinmontana at bresnan.net> wrote:

>  I would probably be looking at the pre-builds. Lol, I'm not that versed
> in the build-ur-own.
>
Actually, getting a pfsense box set up is easier than a Cisco.  If you pop
into #ubuntu-montana on freenode or even post on montana linux you could get
someone to put one together for you local to Billings or Bozeman.  I would
offer BUT because I suggested it you might see some sort of scandal :) Also,
#pfsense on freenode is an excellent irc chan and they are very willing to
help.  You won't find the same with a Cisco.

> When you say re: the ciSCo, If you want multiple WAN, you will need an
> 1821 or better, does blgs to bzmn count as multiple?
>
No, it's the number of separate internet connections you can use.  If you get
a box that can multi-wan you can have say a DSL and a Cable connection, or a
T1 and DSL, and you can load balance or fail over the connections.   An 881
has a single WAN port and won't let you VLAN out your WAN port or anything so
it can only have 1 WAN IP address, aka 1 WAN.  The 1821 and higher routers
allow you to add Ethernet modules, which means you can do up to 5 WAN ports
on a 1821 with 2 Ethernet WIC cards.  This is BIG$$$.  $1500 router + about
$500-$800 each for the WIC cards.

With Cisco I would say that it is *practically* impossible to load balance
VPN, but you can do failover.  With pfsense, you can create two tunnels, one
on each WAN, and then load balance between them; if one goes down it
compensates.  For that matter, you can put a third connection on dialup,
give it a lower priority in the loadbalance/failover mechanism, and pfsense
can dial that when the other connection(s) are down.  You can add a droid
phone with wifi tether and install a wireless adapter in pfsense, again with
a lower priority, put that in the loadbalancing mechanism, and you can stack
those and have 2 WAN priority 1, Verizon on priority 2, and dialup on
priority 3, or even two dial ups on priority 3.  I have seen people using
pfsense to 'shotgun' 6 or more dial up modems in the forums.  Basically,
pfsense is EXTREMELY flexible, much more so than a Cisco.  Also, you can
set up your pfsense box to a final, production state in no time flat.  Nice,
easy web GUI.

Excuse the tangent there!

> And who is a reputable outlet for these? Any one?
>

http://www.newegg.com/Product/Product.aspx?Item=N82E16833150036&Tpk=cisco%20881
http://www.cdw.com/shop/products/default.aspx?EDC=1482835
**note, if the picture shows wireless, it is the wrong picture.  That is the
881W and is about $200-$250 more.

I would also caution you that if you have not worked on Cisco IOS it may be
tough to configure yourself.  There is a web GUI but it will only do VERY
basic things.  As soon as you put a specific route, or ACL, or VPN option,
the web GUI won't let you configure anything anymore.

> I will have to talk to you more, later, about the other OS, maybe I could
> suggest a LUG meeting demo from someone for those of us not so
> knowledgeable?
>
Bozeman and Billings both have a LUG that has some skilled regulars.  I have
a conference room in Billings and would be more than happy to do the August
LUG on pfsense.  I think that it would be more appropriate to do a lab
instead of just a demo though, get some hands dirty :)


I currently have 37 VPN tunnels on Cisco and a few on IPsec with pfsense and
a few mobile setups with OpenVPN in production.