I am not sure I follow you with the trusted/untrusted terms? What exactly do you mean with them in this case?
With Cisco devices I'd say the first thing that comes to mind as pro for same type of devices is that they have/support the same capabilities. Cisco routers support many more ways to configure VPN connections. They are better in the situation where you have several sites as you can run secure VPN connections and routing between the sites. From a service provider perspective the routers also provide better options on virtualizing/separating the different customers connections on the same device. Cisco ASA does not provide as much options of doing the same as the Routers.
I don't really have that much expirience with configuring large VPN setups with Cisco routers to really tell much about them. We mostly use Cisco ASA so have not gotten too much exposure to the router side of doing things.
I personally prefer doing VPNs on the Cisco ASA as it provides a better view of the actual VPN situation and more troubleshooting tools. If I had control on what devices to use and more time on my hands I would surely use routers a lot more.
I am not sure if the trusted/untrusted scenarions really play into which type of device you choose for the VPN (atleast for me so far). I'd say that usually the device type is dictated by the requirements of the environment. (Are there multiple sites? Do you require dynamic routing between sites? What features need to be supported on the devices?)
I have worked with an ISP since I graduated and that has for the most part meant that I don't get to set up new VPN environment that often. This is because there is usually only the specific platforms (already existing and in use) that host all the customer VPN services and new devices are not needed for a new customer. So this in itself limits my changes to get to setup separate large VPN environments. This is also due to the fact that we use the ISP network and other ISPs to connect the different customer locations through MPLS network so an actual VPN solution is not always required.
My personal preference to building VPN connections is Cisco ASA but this is again mostly due to the fact that I used PIX firewall at the end of my studies and started working with Cisco PIX/ASA/FWSM when I started working. Also as its an actual firewall device I find that it gives me a lot more information and ways to troubleshoot a situation. I am not necesarily referring to the GUI. I don't really use it for configuration tasks at all but might use it to check firewall logs when I quickly need to check some problem. Then again the Cisco Routers can also be gotten with softwares/licenses which enable statefull firewall capabilities with them but that again is a subject that is not really familiar to me but something I should really learn. :)
I really regret that I have not gotten to use Cisco Routers more as I am sure that they offer a lot more possibilities to handle VPNs and routing related setups than the Cisco firewalls. I simply have not had the change to get to know them that much as my employer has used ASA firewalls more. Also the fact that I lack expirience with the Cisco Routers for VPN purposes also is a cause why I find them less straight forward to configure than the Cisco ASA.
If I had to start building a completely separate network for a company with multiple remote sites (which I really have not had to do or have not had the chance to do before) I would have to say that I would probably use Cisco Routers rather than Cisco firewalls. Then again I might use Cisco Routers to handle the connectivity between the sites but still use Cisco firewalls for actual firewalling purposes if possible.
With regards to the GUIs on the Cisco Routers I think it used to be called SDM though with a quick look I am not sure if that is used any more. I am not sure if the Cisco Configuration Professional is the name of the new GUI for Cisco Routers. I am not even actually sure what platforms support it.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :