SR520 vs ASA5505

Unanswered Question
Apr 2nd, 2009


I am trying to determine the differences between the SR520 and the ASA5505. The customer has ten users, three are at the main office and the rest are distributed across the country.

I would like to run a site to site vpn between their main office and a second location. Also, the users are going to have remote access VPNs. We are going to run wireless networks at both sites and backup through the VPN.

Question is: should I be using the ASA5505 or the SR520?

Obviously, the ASA is a stronger device, okay i get it. But at four times the cost (license up for additional vpn users + access point), I'd like to consider the SR520. After talking to the distributor support and cisco partner helpline, a few subjects came up:

1. Overall stronger security on the ASA5505. Especially IPS/IDS

2. Greater Throughput on the ASA. But, what exactly is the max vpn throughput on the SR520? isn't the cable/dsl going to be the bottlneck, not the SR520?

3. Ability to run a second ISP

4. Possibility for 2-part authentication? IE via a code-generating key fob. does anyone have any vendors that they would suggest?

5. It appears that this only supports the IPSEC VPN Client. The SSL VPN Client is not supported, but the Clientless Webvpn is? Does that make any sense?

6. Ability to authenticate users against Windows SBS 08 active directory via LDAP. It appears that the SR doesn't have this?

7. Perhaps we should run a SR520 at the Secondary site and a ASA5505 at the primary?

Any Suggestions, experiences or guidance would be beneficial.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
addis Wed, 04/15/2009 - 15:21

You have identified many issues when choosing between the ASA5505 and the SR520.

I don't know what the customer requirements are, so I can't say for sure how each product may fit the need.

A few things:

--SR520 does NOT have LDAP auth capability

--SR520 does support SSL VPN

--SR520 is cheaper

--SR520 now supports RIP, OSPF, DMVPN, and Trend Content Filtering (that may help your situation)

Benjamin Waldon Wed, 04/15/2009 - 17:17

Well, I think that we have pretty well addressed the question, so I am marking it as answered.

I supposed you could have a much more extensive conversation, but I guess it just comes down to how serious the client is about security.


This Discussion