Hello,
I would really appreciate the insight of fellow network engineers for a network overhaul on the "cheap".
We are currently using 192 ports (10/100/1000 mix) on non managed/non stacking switches and PoE injectors on some of the ports (this is hell). The core router is a joke. Someone decided it was a good idea to install an ISA570w for a company with 100 users on site, 3 remote locations with 10 users each, 50 VPN users and 80+ VoIP phones. This thing slows to a crawl with security services enabled and will randomly reboot. Plus side, we recently got a 100 Mbps fiber connection.
I won't be able to convince the big wigs to invest 40k+ on new equipment because of the "small business" mentality.
My only choice at this point is to go refurbished. Budget seems to only be 6k at this point.... (crossing my fingers for more)
Option 1:
3750g-48-ps
These are very popular, stable, stacking switches, PoE, oversubscription shouldn't be an issue, 32gb fabric. Can get these for under $1300, non PoE are about $800.
ISR 3925E
Solid router, jack of all trades. Expensive at $4000. Miercom reports state it'll maintain a 250 Mbps Troughtput with security services enabled, IPsec performance is 100 Mbps using 64 byte packets.
Going this route, I would end up over budget by $2200. (4000+1300+1300+800+800).
Option 2:
My other choice is going for a Catalyst 6509-e chassis.
A company a few blocks away went out of business and is selling a 6509-e dirt cheap with a sup32, X6148-GE-45AF PoE cards and dual 6000w power supplies. (under $500)
I could purchase a sup720-3B for about $350 (let the sup720 do the routing)
Two WS-X6748-GE-TX-3B for $600
Two WS-X6548-GE-45AF for $1000
(I might be able to get away with the X6148-GE-45AF cards already installed)
This would basically be the equivalent, maybe even better than going for the 3750g and ISR 3925E.
Of course this would mean that I would be without Firewall/IPS/VPN, so I would have to look for other line cards to achieve what an ISR would do.
Firewall line card: WS-SVC-FWM-1-K9 REF $1300
Intrusion Detection: WS-SVC-IDS2-BUN-K9 $500
VPN: WS-SVC-IPSEC-1: $350
Total price: 500+350+600+1000+1300+500+350 = $4650
Not bad, just another 3 cards taking up potential switch space.
Option 3:
A colleague suggested going for a newer external ASA 5000 device.
The sup720 would handle the routing
ASA5525-X (AnyConnect Premium 500) $3500.
Total price: 500+350+600+1000+3500 = $5950
Option 4?
Look into the newer ISR4331?
Look into the ASR line? (ASR 1002)
5,6?
What do you guys think?
At the moment I am leaning towards the 6509-e with the Sup720-3B and ASA 5525-X. I'm sure that the Sup720 would handle routing just fine and I'm not using BGP.
At the rate that the company is growing (not so fast), I think this might hold us until the sup720 is EOL (January 2018). Then I would expect the Sup 2T to be cheaper, or better yet, IT would be a real department! (Or I change jobs lol)
I know that I'm focusing on Cisco products, but any suggestions are welcomed.
I would really appreciate the insight of fellow network engineers for a network overhaul on the "cheap".
We are currently using 192 ports (10/100/1000 mix) on non managed/non stacking switches and PoE injectors on some of the ports (this is hell). The core router is a joke. Someone decided it was a good idea to install an ISA570w for a company with 100 users on site, 3 remote locations with 10 users each, 50 VPN users and 80+ VoIP phones. This thing slows to a crawl with security services enabled and will randomly reboot. Plus side, we recently got a 100 Mbps fiber connection.
I won't be able to convince the big wigs to invest 40k+ on new equipment because of the "small business" mentality.
My only choice at this point is to go refurbished. Budget seems to only be 6k at this point.... (crossing my fingers for more)
Option 1:
3750g-48-ps
These are very popular, stable, stacking switches, PoE, oversubscription shouldn't be an issue, 32gb fabric. Can get these for under $1300, non PoE are about $800.
ISR 3925E
Solid router, jack of all trades. Expensive at $4000. Miercom reports state it'll maintain a 250 Mbps Troughtput with security services enabled, IPsec performance is 100 Mbps using 64 byte packets.
Going this route, I would end up over budget by $2200. (4000+1300+1300+800+800).
Option 2:
My other choice is going for a Catalyst 6509-e chassis.
A company a few blocks away went out of business and is selling a 6509-e dirt cheap with a sup32, X6148-GE-45AF PoE cards and dual 6000w power supplies. (under $500)
I could purchase a sup720-3B for about $350 (let the sup720 do the routing)
Two WS-X6748-GE-TX-3B for $600
Two WS-X6548-GE-45AF for $1000
(I might be able to get away with the X6148-GE-45AF cards already installed)
This would basically be the equivalent, maybe even better than going for the 3750g and ISR 3925E.
Of course this would mean that I would be without Firewall/IPS/VPN, so I would have to look for other line cards to achieve what an ISR would do.
Firewall line card: WS-SVC-FWM-1-K9 REF $1300
Intrusion Detection: WS-SVC-IDS2-BUN-K9 $500
VPN: WS-SVC-IPSEC-1: $350
Total price: 500+350+600+1000+1300+500+350 = $4650
Not bad, just another 3 cards taking up potential switch space.
Option 3:
A colleague suggested going for a newer external ASA 5000 device.
The sup720 would handle the routing
ASA5525-X (AnyConnect Premium 500) $3500.
Total price: 500+350+600+1000+3500 = $5950
Option 4?
Look into the newer ISR4331?
Look into the ASR line? (ASR 1002)
5,6?
What do you guys think?
At the moment I am leaning towards the 6509-e with the Sup720-3B and ASA 5525-X. I'm sure that the Sup720 would handle routing just fine and I'm not using BGP.
At the rate that the company is growing (not so fast), I think this might hold us until the sup720 is EOL (January 2018). Then I would expect the Sup 2T to be cheaper, or better yet, IT would be a real department! (Or I change jobs lol)
I know that I'm focusing on Cisco products, but any suggestions are welcomed.