Thoughts on a Ubiquiti/Cisco comparo?
-
We have a client who has multiple locations, all of whom employ Cisco routers currently. It's time for a new router at 1-3 locations, but the bulk of the overall network will remain Cisco with what's in place (let's say they are all 1812 routers, for simplicity). They have Dynamic Multipoint VPN running, and there is currently a Sonicwall router in place that explicitly handles the VPN for data to/from an Avaya phone system. The questions are these:
-
Can a Ubiquiti ERPro-8 router take the place of the Cisco currently in production? Is the Cisco using a proprietary VPN that will not play with non-Cisco equipment, etc.?
-
If the answer to the above permits using Ubiquiti, can the ERPro-8 also handle the VPN traffic for the Avaya phones? Can you create more than one VPN tunnel from a single router?
-
How does the ERPro-8 compare to a Cisco 1900 series router in power, performance, and features?
Being entirely unfamiliar with most things Cisco, I'm hoping to get some traction with your collective experience...
Thanks!
-
I think the answer is yes to all of these questions. Cisco does use a proprietary VPN for the client connections but, if I remember correctly, their site-to-site stuff is using IPSEC or L2TP.
-
Yes, the Ubiquiti can make unlimited VPN connections limited only by the volume of traffic coming in over them.
-
This is the basic VPN config, if that makes a difference:
ADDR
  Call server 192.168.*****
VPN
  General
    VPN Enabled
    VPN Vendor Other
    Gateway Address… *****
    Encapsulation 4500 – 4500
    Copy TOS No
  Auth. Type
    Auth. Type PSK
  IKE PSK
    IKE ID (Group Name)… *****
    Pre Shared Key (PSK) *****
  IKE Phase 1
    IKE ID Type FQDN
    IKE Xchg Mode Aggressive
    IKE DH Group 2
    IKE Encryption Alg 3DES
    IKE Auth. Alg. SHA-1
    IKE Config. Mode Disabled
  IKE Phase 2
    IPsec PFS DH Group 2
    IPsec Encryption Alg 3DES
    IPsec Auth. Alg. SHA-1
    Protected Network… 192.168.*****
  IKE Over TCP
    IKE Over TCP Never
-
Looks like IPSEC... you should be good to replace the router with a Ubiquiti.
-
Definitely IPSEC, should be fun getting them to talk to each other.
-
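Added example, not part of any post in this thread: a Python script that parses the phone-side settings posted above and lists where they differ from the proposal configured on the replacement router. It assumes each side offers a single IKE/IPsec proposal, so every listed value has to match; the router-side values and the normalized parameter names are made up for illustration.

```python
import re

# Phone-side settings as posted in the thread (section headings left in).
PHONE_DUMP = """Auth. Type
Auth. Type PSK
IKE Phase 1
IKE Xchg Mode Aggressive
IKE DH Group 2
IKE Encryption Alg 3DES
IKE Auth. Alg. SHA-1
IKE Phase 2
IPsec PFS DH Group 2
IPsec Encryption Alg 3DES
IPsec Auth. Alg. SHA-1"""

# Constructed router-side proposal (hypothetical values, not from the thread).
ROUTER = {"auth": "psk", "ike_mode": "main", "ike_dh": "2", "ike_enc": "aes128",
          "ike_hash": "sha1", "esp_pfs": "2", "esp_enc": "3des", "esp_hash": "sha1"}

# Dump labels mapped to normalized parameter names (names are this example's own).
LABELS = {"Auth. Type": "auth", "IKE Xchg Mode": "ike_mode", "IKE DH Group": "ike_dh",
          "IKE Encryption Alg": "ike_enc", "IKE Auth. Alg.": "ike_hash",
          "IPsec PFS DH Group": "esp_pfs", "IPsec Encryption Alg": "esp_enc",
          "IPsec Auth. Alg.": "esp_hash"}

def parse_dump(text):
    """Parse 'Label Value' lines; headings with no value are skipped."""
    params = {}
    for line in map(str.strip, text.splitlines()):
        for label, key in LABELS.items():
            if line.startswith(label + " "):
                # "SHA-1" -> "sha1", "3DES" -> "3des", "Aggressive" -> "aggressive"
                params[key] = re.sub(r"[^a-z0-9]", "", line[len(label):].lower())
    return params

def mismatches(phone, router):
    """Return (parameter, phone value, router value) for each setting that differs."""
    keys = sorted(set(phone) | set(router))
    return [(k, phone.get(k), router.get(k)) for k in keys if phone.get(k) != router.get(k)]

if __name__ == "__main__":
    for name, ours, theirs in mismatches(parse_dump(PHONE_DUMP), ROUTER):
        print(f"{name}: phone={ours} router={theirs}")
```

-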
@coliver said in Thoughts on a Ubiquiti/Cisco comparo?:
I think the answer is yes to all of these questions. Cisco does use a proprietary VPN for the client connections but, if I remember correctly, their site-to-site stuff is using IPSEC or L2TP.
Ya I've done site-to-site with IPsec between an ERL and a Cisco.
-
That is just standard IPSEC from the looks. I would not expect a problem assuming all sides are on a static WAN IP.
-
Why do you have a SonicWall handling the things for the VOIP? Was this split out on purpose?
-
@Dashrender said in Thoughts on a Ubiquiti/Cisco comparo?:
Why do you have a SonicWall handling the things for the VOIP? Was this split out on purpose?
He doesn't. This is obviously an in place system from before they were a client.
-
@JaredBusch said in Thoughts on a Ubiquiti/Cisco comparo?:
@Dashrender said in Thoughts on a Ubiquiti/Cisco comparo?:
Why do you have a SonicWall handling the things for the VOIP? Was this split out on purpose?
He doesn't. This is obviously an in place system from before they were a client.
You can always be sure that any SonicWall is from pre-NTG. Cisco you might see with us, Meraki possibly, but those are definitely on the uncommon side. But SonicWall, I don't think you'll ever see that.
-
While you both might have read and assumed NTG installed the SonicWall, let me just tell you both, that wasn't what I said, or was trying to say.
I was asking - why was the SonicWall installed at all? Why did that traffic need to be split out in such a way that it couldn't be handled by the Cisco?
Perhaps the answer is - that was before our time, so we have no clue.
I was just asking.
-
This is just a project. What's the line? "Not my circus, not my monkeys"?
-
@art_of_shred said in Thoughts on a Ubiquiti/Cisco comparo?:
This is just a project. What's the line? "Not my circus, not my monkeys"?
I think it goes "not my circus, not my Sonicwall".