ALIX 2d2 questions
-
Hey all,
Looking to snag a ALIX to replace a cisco 2811 which is overkill for my network now.
Currently my cisco 2811 is doing VPN (ipsec) for a single bridge connection, accepting VPN connections from my iphone, NAT for services inside the network, and CME (cisco call manager express).
What I would be looking to do is with this board is…
SSL off load / squid. I have a single public IP and want to hand off several services based on IP.
Asterisk call processing only. VM will be handled else where.
the IPSEC tunnel
VPN inbound
NAT / port forwardThe board im looking at will be 500mhz w/ 256mb of built in ram. card reader will be > 4 gb.
Do you think the ALIX 2d2 with the 500mhz processor can handle this or should i grab the new 800mhz version?
-
Probably not but….
What bandwidth are you looking to push through the box?Steve
-
Probably not but….
What bandwidth are you looking to push through the box?Steve
Hi Steve,
the IPSec tunnel is only used for voip to voip calls (g729) and remote desktop.
The internet connection is a cable modem with average use of under 1mb/s
-
SSL off load / squid. I have a single public IP and want to hand off several services based on IP.
Please elaborate on this. I suspect the Alix will not be up to that task even if your WAN bandwidth is low. 1Mbps average is low but what is the peak?
Steve
Edit: Typo
-
imho just buy the 800mhz one, future proof as you never know what you might need down the road
-
SSL off load / squid. I have a single public IP and want to hand off several services based on IP.
Please elaborate on this. I suspect the Alix will not be up to that task even if your WAN bandwidth is low. 1Mbps average is low but what is the peak?
Steve
Edit: Typo
Hi Steve,
Looking to do reverse SSL i believe is the term. where pfsense handles all SSL traffic for my internal servers. I create mappings for ww1.domain.com –> 192.168.55.13 and ww2.domain.com --> 192.168.55.14
Hope this helps!
-
Ah, Ok. So pfSense doesn't do that out of the box. You need to install a reverse proxy server that reads host headers.
Also you need it to do SSL so I think that limits your choices further. Maybe Squid 3? :-\ I'm not sure you'd have to do more research.
I can tell you than an Alix box is not a good target for that. To reduce any further complexity you probably want to run a full install from a hard drive. I think you're looking at a significantly more powerful box.Steve
-
Ah, Ok. So pfSense doesn't do that out of the box. You need to install a reverse proxy server that reads host headers.
Also you need it to do SSL so I think that limits your choices further. Maybe Squid 3? :-\ I'm not sure you'd have to do more research.
I can tell you than an Alix box is not a good target for that. To reduce any further complexity you probably want to run a full install from a hard drive. I think you're looking at a significantly more powerful box.Steve
thanks steve. It was not doing squid, do you think it could handle the nat traffic, IPSEC, and asterisk?
Thanks!
-
The capabilities of the Alix box are modest but well documented. It can firewall/NAT ~85Mbps. It can push IPSec traffic 10-25Mbps depending on encryption type (it has onboard AES hardware). See, for example: http://store.netgate.com/Netgate-m1n1wall-2D3-2D13-Black-P216.aspx
and http://forum.pfsense.org/index.php?topic=14581.0
and indeed here:
https://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported#BenchmarksSteve
-
Do you think the ALIX 2d2 with the 500mhz processor can handle this or should i grab the new 800mhz version?
What 800MHz version?
-