Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

VIP Purple

EOL for ISA 550/570

Wow, I really didn't expect that these devices will go EOL that soon. What a kick in the a.. for all that bought them recently. Especially as the last day of support is already November 2014.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps11850/ps11752/end_of_life_notice_c51-729274.html

Luckily I wasn't that fast with replacing my ASA 5505 with one of these units. So I only got a Small-Business-slap with my UC320.


Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
54 REPLIES

EOL for ISA 550/570

I thought the same thing.  Looking at Meraki MX60 going forward in place of ISA/OnPlus combo.  I wonder how long it will be around since the Cisco purchase..

-- please remember to rate and mark answered helpful posts --

Re: EOL for ISA 550/570

Regarding Meraki, considering how much Cisco spent on the acquisition, I would expect it to be around for awhile. Then again, I'm 2 for 2 on the OnPlus and ISA so take my opinion for what it's worth. I won't even mention the Cius and VXC. I've had a tough couple of years.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

Cisco spent a similar amount

Cisco spent a similar amount of $ (adjusted for inflation) for Linksys and how'd that work out for customers?  Meraki may have been a $1.2B shopping spree, but customers don't feel safe with Cisco any longer.  Very frustrating as a long Cisco supporter.

New Member

EOL for ISA 550/570

@Brandon Svec, you'd better look at the MX60 specs before you go down that road.  20 users max!  To get more than that you have to fork out $2,000 !!!!!!

New Member

EOL for ISA 550/570

Hi,

i am also looking for alternatives, the MX60 looks not too bad (I also consider Zyxel ZyWall USG 50/100 and Fortinet FortiGate FG-30D/FG-60C).

However, are there any experiences with the Meraki MX60 device (now that it is owned by Cisco and with the experiences we have had with ISA):

  • Is it working reliably and has a decent software quality level?
  • Are there any official statements on its lifetime?
  • How does support work for the Meraki devices - do you need Cisco support contracts or is it still handled through Meraki (are any Meraki specialits at all)?
  • Are there open issues in the firmware? Do they develop firmware themselfs or through some obscure third party (like it seems to be the case with the ISA)?

Thanks!

New Member

EOL for ISA 550/570

How can you look at the MX60 as an ISA500 replacement?  Unless you only have 20 users or less and will never have any more this is an overpriced device with no room to grow.  To get more than 20 users you must pay $2000 for the next step up and if you're going to do that you are much better off with a real firewall like an ASA5505 or 5510 (if I'm spending $2k on a firewall it'll certainly be an ASA).  Cisco just doesn't get it here.  SMBs are not going to pay $2k for an MX80 when they were a hard sell for $1000 on an ISA570W.  This was a bad decision by Cisco.  Sonicwall or Juniper seems to be my next place to look.

New Member

It seems like everyone is

It seems like everyone is talking about the Gartner Magic Quadrant these days for some sort of metric on how companies, like Cisco, are doing on producing products (firewalls, utms, etc.).  I was just looking at the Aug 2014 UTM Gartner Magic Quadrant and Cisco is not even in the leaders quadrant.  Below is the chart, so you can see for yourself.  In theory, the companies to do business with are the ones in the upper right quadrant.  I am certainly using this as a starting point for replacing my ISA570.  Hopefully this will help someone else out with a direction to go in. 

Next-Gen UTM devices with application control is what I will be looking for in a new device.  I have tested Sophos which was impressive but not well known and I am also looking into CheckPoint,  which I have used before, and both are in the upper right quadrant. 

 

New Member

Take a look at the history.

Take a look at the history. Cisco bought Linksys. 2 years later Linksys Hardware was listet as crap. Marvell Chipset. The worst solution. And whats about today? Linksys is dead. And it was just nearly the best Soho arround the world. Whatever Cisco bought the Last years except IronPort they ramed it down. I have so much expensive Hardware trash from Cisco here arround which no one is interessted to have. If they would release the Code as Open Source I'm sure the community will develope and extend the Code. Simply take a look at DD-WRT. During the last year I have had sold no Cisco device for SMB. The replacement of my SA550 was the ISA for a lot it money. But again to set on Cisco SMB? Never ever. I'll promises to all of you the Meraki things will be EOL latest in Spring 2016. But I expect it earlier. If you search a better solution for Cisco SMB devices either use nothing or anything else than Cisco. I don't blame to Cisco Enterprise. But SMB and other things are realy not longer a solaution even when Cisco would pay for using it. Best regards!
New Member

I hear your frustration but I

I hear your frustration but I disagree with your thought process.  Linksys came over to Cisco but they never discontinued much of anything.  In fact, that was part of the problem.  Linksys made way too many products that competed with itself.  Cisco just rebranded all the Linksys products like the RV082.

Then came along the Small Business Pro line that had in-house developers building products.  The SA5xx line was doomed from the start, IMHO.  It had a slow CPU and didn't load balance anywhere near as well as the far less expensive RV082 did, our go-to small biz router since it first shipped. 

 

The ISA5xx promised far superior performance, IronPort security filtering, and better LAN performance than the RV082 (gigabit vs. 100BaseT).  The ISA5xx was an immediate hit with our clients and that was the problem.  Instantly the sub-$1000 ISA570W was taking a LOT of business from ASA and the garbage Meraki that Cisco had just purchased was 2-3x more expensive than the ISA570W.  Why would anyone fork out for Meraki when they could buy an ISA570W?  They didn't!  Why would anyone buy an ASA5505 or 5510 with IPSecurity to have failover Internet when they could buy an ISA570W and have dual WAN from the start for much less $?  They wouldn't.  If I had to bet, Cisco Enterprise put an end to the ISA5xx line not Cisco Small Business Pro. 

The problem is the Cisco SBP line has the ability to put out products that beat Cisco Enterprise in the SMB market but Cisco Enterprise has bet the farm on their products that are overpriced and over-featured for the SMB market.  I simply will NOT ALLOW a client of mine to fork out the $ for Meraki's stuff that doesn't come close to handling the traffic the ISA570W did.

New Member

"Why would anyone fork out

"Why would anyone fork out for Meraki when they could buy an ISA570W?" Whoever told this to you has no relation to the market. Thats typically sales nonsense. The Meraki is brand new and if you take a look to the last years than you will see a lot of mistakes with the SMB Market. Of cause, there is a lot of frustration. I have round about 15 or 20 devices bought. RV220, SGD-2000P, SA520, ISA570 and so on. And whatever you take, after one year you can trash it. The problem is that you have no warranty that you SMB device is future proof. And the best example was the Switch from SA5xx to ISA5xx. Only one year and than EOL. OK, it could happens. 1000 Euro again for the next device. But one year later the ISA was EOL. Even Sonicwall has more an better Support. This has destroyed a lot of trust to Cisco and this is all together also the reason why I never would buy the Meraki thing. And if you would offer 2 devices for one or only 100 US$ for this. Never ever. Today I bought a refurbished ASA because my ISA causes a lot of troubles. I guess Cisco has still not seen how many people lost the trust to Cisco. When I spend less money I can't expect enterprise performance. I also need a replacement for my switches because they are now 3 years old. Same Situation with the ISA device. I need something newer but even for a 50 $ offer no more CISCO SMB. The problem is not Performance. Or the Price. The problem is how Cisco handle this market and this is the reason why Cisco will not get the Meraki thing sold. There is no more trust to Cisco. After the last 3 years and experience with CISCO do you realy expect that I will spend 6000 $ for the meraki thing? I need to calculate that Cisco buy again a Company and this thing is EOL again. Again, the Problem is not the price. Or the Power. Or the Service. The problem is how Cisco communicate to the "Customer". They can pi*ss on them. But when they do it, they should sell it as rain. This is the reason why I will never buy, sell or resell any SMB devices from Cisco. And I'm sure that I'm not the only one who think within this was. But I guess this will explain a lot of reasons why Cisco has not the planed succcess with the Meraki thing. Best regards from Germany! Torsten
New Member

You're of course right

You're of course right Torsten. I have customers who have been Linksys/Cisco customers for 10+ years who have told me to never offer then Cisco products again!  They're fed up with Cisco's lack of vision.  The ISA5xx was a stunning device, too stunning.  It took too much business from Cisco Enterprise and came with a terrific warranty.  Then Cisco sold off Linksys, bought Meraki, expected SMBs to pay 3-6x for lower performing equipment with no guarantees of lifespan.  If Cisco would guarantee, in writing, Meraki equipment would be supported for 10 years I'd have customers buying them, but customers no longer trust Cisco.  Notice the glaring lack of input here from Cisco reps.  I think they know they have a problem but I'm not sure they know how to solve it.  Meraki certainly isn't the way.

New Member

From my point of view it

From my point of view it seems they still don't know that they have a problem. It seems they think with the CISCO glasses: CISCO is CISCO. That's it!

But if you take a look back into the past you will find a lot of #1's which are not longer on the Market now. Only to name a few brands: Sinclair, Comodore, US-Robotics, 3com, Novell and so on...

And what do they did? Exactly the same. Ignore the active and current customers because new customers will bring more money. Newer things have to be more expensive, ignore if these things are better or not than our old things and we don't care about the old things. Old things are history and history is over. OK, today you simply write 3 letters for this: "EOL".

Within business management this way is called as "hard selling".  But hard selling almost causes an "hard drop" for the companies.

I don't expect that CISCO will hit the ground but I guess they will stumble. I think it's time for this lesson. And when I watch this thread there is one unique comment: No more trust in CISCO SMB brand.

Hmm... congratulation dear Mr. CISCO! Well done!

New Member

Yes, congratulations Cisco,

Yes, congratulations Cisco, way to piss off your SMB customers.  We will not forget! 

I am currently using an ISA570 that has 1.5 years of subscription left on it and I am already planning to replace it with something other than Cisco as soon as possible.  The device is a total wreck between bad firmware and security updates that will never get fixed because support has ended!  Nice job!

 

 

New Member

I hate to continue with the

I hate to continue with the trend but, i have been a bit disconnected the idea of being an SMB switch sales account manager and not provide a security gateway is less than thrilling.  i have a site that has an SA540 that has reach its usefulness.  wanted to replace with isa500 series i have being very impress with the boxes and, all that i can do definitely a ASA5505 killer.   too bad is eol I don't really care for the meraki mx less than impress with the price is absolutely ridiculous after licensing i don't see any sub 15 user environment paying that money.  it would be nice if the meraki genius take over the ISA500 project it is a very cool box.   any recommendation and not the sonicwall or watchguard vomit.  

thank you 

 

I'm currently migrating

I'm currently migrating customers with price in mind to pfSense.
It's free, fast, easy to manage and has the same features like the ISA with the big plus of a CLI with real tcpdump. 

Michael Please rate all helpful posts
New Member

Except now you're relying on

Except now you're relying on a computer do to your routing, right?  Computers just aren't as reliable as appliances, require a lot more space and power to run, and have to be managed a lot more closely than an appliance.  Me personally, I'm sticking to appliances, but they wont' be Cisco appliances so long as corporate hog ties the Small Business division from making a great product that doesn't cost $9000 over 3 years (Meraki's cost that much).

I understand a lot of the

I understand a lot of the frustration here, but let's be real about Meraki price.  It is all on their public web page (MSRP) and you can expect 30% off easily as street price.  So for example an MX80 (which is way more firewall than an ISA550) with 3 year advanced security is under $4200.  That includes the dashboard admin, 24/7 support, lifetime hardware warranty, etc.  A closer example would be the MX60 which only $1050 over 3 years with advanced security license.  Really, for what you get it is a fantastic value in my opinion.

If anyone reading this hasn't tried it, you should.  Here is a link to free trial options and if you attend a webinar they will give you a free AP with three year license to keep.  http://goo.gl/05SXsl

-- please remember to rate and mark answered helpful posts --
New Member

I sign up to take a look at

I sign up to take a look at the meraki product line.   it is stamp cisco, but it appears to be totally separate from cisco.  don't try to login with your cisco id doesn't log you in, anyways.   so based on the number discussed the MX60 is $1050 over 3years is not bad the only thing i can't see it doesn't do dual wan, and the load balancing like the ISA550/570?   I'm sure the mx80 is much better than the ISA's but $4,200 over three year I can not see the small business guy paying that. I may be wrong I think the ASA5512 with firepower is a much better product than the MX80.    

It is true that it is not

It is true that it is not Cisco designed.  It was an acquisition a couple years ago for 1.2 billion cash.  

All MX series from Z1 to MX600 support dual WAN and a third USB modem that can be used stand alone or as backup.  The MX60 is recommended for about 25 users, but many people use it for up to 100.  Now I would not say it would support 100 users with heavy use and all security features and VPN and content filtering and layer 7 traffic shaping enabled on a 100mbit WAN, but really would an ISA do that very well?

There is no apples to apples comparison for Meraki, it is really a bit of a unique concept.  The management and monitoring and ease of use is a really strong part of their offering.

I am implementing an all Meraki network right now with 3 locations and about 135 combined devices (mostly APs, but also dozens of switches and 3 MX400 firewalls)  I was able to configure the whole thing myself in about an hour and have an installer just plugging in equipment and it is being automatically configured as it is plugged in.  It may be hard to understand if you haven't tried it.  It is NOT like ASA and ASA certainly has some features that Meraki can not do, but Meraki is targeted at customers who don't need particularly complicated networks, but do want all the advanced bells and whistles in the admin and monitoring and reporting interfaces as well as 24/7 enterprise support and lifetime warranty.

Here is a 6 minute overview of the MX series to give you a good overview of all it can do out of the box: https://www.youtube.com/watch?v=GthE4CXR998

-- please remember to rate and mark answered helpful posts --
New Member

thank you,  I just saw the

thank you,  

I just saw the video is very cool.  it would be a very nice implementation with in the scale environment.

thanks.  

 

 

 

New Member

Actually Brandon, I find the

Actually Brandon, I find the ISA570W works wonderfully with 100+ users on a dual WAN connection with the fastest at 80+Mbps.  The client that's using that has no VPN but they're using all the security features other than antispam and they have heavily configured application control enabled on their guest WiFi that regularly has 50-70 people connected via Cisco Small Business WAPs, that's in addition to 30+ admin machines and a HD webcam that runs 24/7 streaming video to a rebroadcast service.

Anyway, I get their management GUI is part of their offering, but for 99% of small businesses they couldn't care less.  They cannot afford thousands upon thousands of $ in WAN equipment from an unproven company (remember, this NOT Cisco equipment, it's an acquisition and Cisco has a habit of buying companies and then discontinuing products).  Just like we had no guarantees the ISA500 series would be around for awhile, what guarantees do customers have that Meraki will be?  I'm hearing rumblings that sales aren't stellar so how long does Cisco stand by this division if they're not moving tons of product?

What they need is a midway product that supports say 250 users at half the MX100 price point and a written guarantee of a minimum of 5 years of product support and upgrades. Until then, my Cisco customers who jumped on the ISA bandwagon are gun shy that Cisco could shut this down too.  Remember, this product, just like the ISA, directly competes with the ASA and Ironport lines not to mention Aironets and Catalyst switches.  If Meraki starts taking business from those lines Cisco Enterprise could easily demand they be shut down too, just like it looks like they did with the ISA.

New Member

very true,  will have to say

very true,  will have to say yes an appliance would be most reliable.  what have you found to be comparable to an ISA570 in terms of all the options?  I look at the Cisco ASA 5505 the issues is not gigabit, no dual wan, and a bit dated performance wise.   yes I personally don't get the Meraki benefit is it better than the ASA?   

 

 

 

There will be an ASA5506-X

There will be an ASA5506-X soon ... 

Michael Please rate all helpful posts
New Member

But it will be 3x the cost of

But it will be 3x the cost of the ISA570 if you want dual WAN, won't do wireless, won't have application filtering, won't have malicious website filtering, won't have much of anything that the ISA did for small businesses for a reasonable price.  The Meraki fluff is $9000 over 3 years so it's out and the low end ASAs don't have any of the other features.  Cisco just priced itself right out of the small business market for this type of equipment.

Brian, what products and

Brian, what products and licenses are you basing this $9000 figure on?  An MX60 with 3 year advanced license is just over $1000 for three years.  5-10 years gives you an even deeper discount on the license and support side.

-- please remember to rate and mark answered helpful posts --
New Member

I fear you're not comparing

I fear you're not comparing apples to apples.  It looks as though you're comparing a Ferrari to a SmartCar.  By published specs, the MX60 is ONLY rated for 20, that's TWENTY, users max.  The ISA570 can handle many more than that, in fact easily in the 200+ range - I have a client using well over 100 at any given time without issue or speed problems on an 80Mbps connection.  So first off you have to go to an MX100 not an MX60 to even start comparing apples to apples.  I had a long talk with multiple reps at Meraki and they concurred that the MX80 and MX60 were woefully under-powered compared to the ISA570 based on performance specs alone.  So now that you're in comparable hardware, let's talk prices:

 

  • MX100 will run $2500-$3500 (they claim they can get my clients a 50% discount but retailers are selling it for $3500+ so I would only believe the 50% discount after I saw it in writing.
  • Next, yearly software licenses also retail for $5000 with a claimed discount of 50%.
  • This brings the comparable replacement for the ISA570 based on the number of supported users to $5000 the first year (assuming they can really get a 50% discount) and $2,500 per year after that which takes the 3 year TCO to $10,000!!! 

They're selling SMB hardware at more than enterprise prices.  If the MX100 was $2500 with $500/year licensing I'm jump on that immediately. Cisco enterprise equipment has SmartNet contracts that sell for <20% of the cost of the unit/year.  A $3,000 ASA-5510 has a yearly SmartNet contract of $605.09 (that's a direct price from CDW for a client of mine who is renewing their contract as we speak).  

 

Simply put, Cisco has NO replacement for the ISA570 that a logical price point that a company willing to buy the ISA570 is going to spend and Cisco sending people to the MX60 is only going to make customers mad when they buy one and find out what it's only capable of handling 20 users at a time, TWENTY!  The cheapest Linksys, Belkin, Netgear, etc... home device supports more than 20 users at a time.  You couldn't even use a Cisco WAP561 fully populated with max users of 32 WPA2 encrypted users with an MX60.  As a consultant there's no way on this planet that I'm willing to risk my reputation on Cisco's recommendation to go to a product that is woefully under-powered and clearly overpriced (their excuse for the pricing was their portal is worth the $ - they can dream all the want, but $10,000 over 3 years for what the ISA would have cost $1000, I'd live with the ISA's GUI).

New Member

I agree,  the ISA was

I agree,  

the ISA was definitively the absolute solution for the small business,  I have clients with multiple site with the ISA570/550 combination of main site to branch UC540 with 7975g phones behind it.  Remote phone and all the options turn on the ISA's site site dual wan, site to site, sslvpn, IPS, content filtering.  the ISA rocks 100% better than the SA520/540 ever did.   bringing performance and price point.    

I'm not frustrated over eol of ISA can't take personaly.   the IT world is all about change.  it would have been cool to have something in place that would fit with the rest of the cisco gear the clients already invested plenty on. 

If there is a ASA-5506x or ASA-5508xI would like to start looking at the specs 

 

 

I have some real world

I have some real world experience with Meraki and can tell you one example where I have 3 MX80's for a school using VPN and content filtering and security features with about 200-300 average daily users per site (BYOD mostly ipad, smart phones, etc), but also voip and admin and testing, etc. and it works great.  They want to add Meraki switches and APs now.  The computer teacher is able to manage the whole network himself and has minimal network knowledge.

 

Also, keep your eyes open for a new MX product announcement in the next couple weeks.

-- please remember to rate and mark answered helpful posts --
New Member

Ah, but Brandon, a school !=

Ah, but Brandon, a school != small business. I thought the pricing on the ISA was great and an easy sell. Meraki, I'll give them maybe easy management (no experience). Pricing, not so much. Small businesses put on part time employees at those prices.
 

And I think the ISA looks better in a rack. :p

6654
Views
32
Helpful
54
Replies
CreatePlease login to create content