Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ALIX 2d2 questions

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    11 Posts 4 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jjandrob
      last edited by

      Hey all,

      Looking to snag a ALIX to replace a cisco 2811 which is overkill for my network now.

      Currently my cisco 2811 is doing VPN (ipsec) for a single bridge connection,  accepting VPN connections from my iphone, NAT for services inside the network, and CME (cisco call manager express).

      What I would be looking to do is with this board is…
      SSL off load / squid.  I have a single public IP and want to hand off several services based on IP.
      Asterisk call processing only.  VM will be handled else where.
      the IPSEC tunnel
      VPN inbound
      NAT / port forward

      The board im looking at will be 500mhz w/ 256mb of built in ram.  card reader will be > 4 gb.

      Do you think the ALIX 2d2 with the 500mhz processor can handle this or should i grab the new 800mhz version?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Probably not but….
        What bandwidth are you looking to push through the box?

        Steve

        1 Reply Last reply Reply Quote 0
        • J
          jjandrob
          last edited by

          @stephenw10:

          Probably not but….
          What bandwidth are you looking to push through the box?

          Steve

          Hi Steve,

          the IPSec tunnel is only used for voip to voip calls (g729) and remote desktop.

          The internet connection is a cable modem with average use of under 1mb/s

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            @jjandrob:

            SSL off load / squid.  I have a single public IP and want to hand off several services based on IP.

            Please elaborate on this. I suspect the Alix will not be up to that task even if your WAN bandwidth is low. 1Mbps average is low but what is the peak?

            Steve

            Edit: Typo

            1 Reply Last reply Reply Quote 0
            • V
              vincom
              last edited by

              imho just buy the 800mhz one, future proof as you never know what you might need down the road

              1 Reply Last reply Reply Quote 0
              • J
                jjandrob
                last edited by

                @stephenw10:

                @jjandrob:

                SSL off load / squid.  I have a single public IP and want to hand off several services based on IP.

                Please elaborate on this. I suspect the Alix will not be up to that task even if your WAN bandwidth is low. 1Mbps average is low but what is the peak?

                Steve

                Edit: Typo

                Hi Steve,

                Looking to do reverse SSL i believe is the term.  where pfsense handles all SSL traffic for my internal servers.  I create mappings for ww1.domain.com –> 192.168.55.13  and ww2.domain.com --> 192.168.55.14

                Hope this helps!

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Ah, Ok. So pfSense doesn't do that out of the box. You need to install a reverse proxy server that reads host headers.
                  Also you need it to do SSL so I think that limits your choices further. Maybe Squid 3?  :-\ I'm not sure you'd have to do more research.
                  I can tell you than an Alix box is not a good target for that. To reduce any further complexity you probably want to run a full install from a hard drive. I think you're looking at a significantly more powerful box.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • J
                    jjandrob
                    last edited by

                    @stephenw10:

                    Ah, Ok. So pfSense doesn't do that out of the box. You need to install a reverse proxy server that reads host headers.
                    Also you need it to do SSL so I think that limits your choices further. Maybe Squid 3?  :-\ I'm not sure you'd have to do more research.
                    I can tell you than an Alix box is not a good target for that. To reduce any further complexity you probably want to run a full install from a hard drive. I think you're looking at a significantly more powerful box.

                    Steve

                    thanks steve.  It was not doing squid, do you think it could handle the nat traffic, IPSEC, and asterisk?

                    Thanks!

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      The capabilities of the Alix box are modest but well documented. It can firewall/NAT ~85Mbps. It can push IPSec traffic 10-25Mbps depending on encryption type (it has onboard AES hardware). See, for example: http://store.netgate.com/Netgate-m1n1wall-2D3-2D13-Black-P216.aspx
                      and http://forum.pfsense.org/index.php?topic=14581.0
                      and indeed here:
                      https://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported#Benchmarks

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • J
                        jasonlitka
                        last edited by

                        @jjandrob:

                        Do you think the ALIX 2d2 with the 500mhz processor can handle this or should i grab the new 800mhz version?

                        What 800MHz version?

                        I can break anything.

                        1 Reply Last reply Reply Quote 0
                        • J
                          jjandrob
                          last edited by

                          @Jason:

                          @jjandrob:

                          Do you think the ALIX 2d2 with the 500mhz processor can handle this or should i grab the new 800mhz version?

                          What 800MHz version?

                          i suppose i miss took a model number in a quick reading as the CPU speed.

                          Thanks!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.