I've already posted this on the Small Business Area.
We are finding the price for ASA 5505 to high and our clients are having problem securing budgets for these devices. We don't want to move to different vendors and we have a team of people we already know Cisco well. We don't use any of the advance features apart form IPSec VPN, ISP Failover.
I have seen Cisco router 877 which have the ipadvance ios, is this the same as the ASA5505.
We would like to offer our clients an alternative to ASA5505, but something which can do the same as a edge device but also protect the client from malicious attacts and has CLI.
an ASA is a firewall first and a router second ( lesson learned the hard way by myself ).
An IOS device differs in some terms from the ASA ( NAT etc. ).
The 800 series are fixed config and I guess ISP failover will be tricky with only one WAN interface, although you
have the choice of 2 x 800's and PBR as a pseudo failover scenario.
ASAs are pretty security-centric devices. I mean, they also have some routing features, but the overall ASA design
is pretty fascistic per default whilst on IOS you'll walk on all fours to get the bottom line of security an ASA implicitly offers. The advIP IOS has a nice buncha stuff on board, but it is still no ASA whilst an ASA is still no IOS.
Re: Need a router for our client, to replace ASA5505.
As you are well aware you can get just close to an ASA with a router and not replacing it. The Cisco 877 is in eol and if you do want to stck to the 800 series you need to choose something else as 887va for adsl or relative model for the technology you are implementing. Although not. Replacing an ASA I find very interesting the new license system with universal iOS. Choosing a sec license you have many features that let you implement a good security perimeter . I would say that the IOS 15.2T with SEC-K9 license is the closest choice to an ASA. Again, you are not going to replace an ASA, just providing a good machine with a security oriented IOS. Don't choose the NPESEC-K9 license because it would not let you encrypt the payload.... And maybe choose a bigger machine if you can...1941 s excellent in that and justify the expense with its VPN and hardware encryption capabilities
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...