Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Need a router for our client, to replace ASA5505.

Guys,

I've already posted this on the Small Business Area.

We are finding the price for ASA 5505 to high and our clients are having problem securing budgets for these devices. We don't want to move to different vendors and we have a team of people we already know Cisco well. We don't use any of the advance features apart form IPSec VPN, ISP Failover.

I have seen Cisco router 877 which have the ipadvance ios, is this the same as the ASA5505.

We would like to offer our clients an alternative to ASA5505, but something which can do the same as a edge device but also protect the client from malicious attacts and has CLI.

Any recommendation would be appreciated?

Everyone's tags (4)
3 REPLIES
New Member

Need a router for our client, to replace ASA5505.

John,

an ASA is a firewall first and a router second ( lesson learned the hard way by myself ).

An IOS device differs in some terms from the ASA  ( NAT  etc. ).

The 800 series are fixed config and I guess ISP failover will be tricky with only one WAN interface, although you

have the choice of 2  x 800's and PBR as a pseudo failover scenario.

ASAs are pretty security-centric devices. I mean, they also have some routing features, but the overall ASA design

is pretty fascistic per default whilst on IOS you'll walk on all fours to get the bottom line of security an ASA implicitly offers. The advIP IOS has a nice buncha stuff on board, but it is still no ASA whilst an ASA is still no IOS.

HTH,

Dan

Re: Need a router for our client, to replace ASA5505.

Hi John,

As you are well aware you can get just close to an ASA with a router and not replacing it. The Cisco 877 is in eol and if you do want to stck to the 800 series you need to choose something else as 887va for adsl or relative model for the technology you are implementing. Although not. Replacing an ASA I find very interesting the new license system with universal iOS. Choosing a sec license you have many features that let you implement a good security perimeter . I would say that the IOS 15.2T with SEC-K9 license is the closest choice to an ASA. Again, you are not going to replace an ASA, just providing a good machine with a security oriented IOS. Don't choose the NPESEC-K9 license because it would not let you encrypt the payload.... And maybe choose a bigger machine if you can...1941 s excellent in that and justify the expense with its VPN and hardware encryption capabilities

Hope this helps

Alessio

Sent from Cisco Technical Support iPad App

Gold

Need a router for our client, to replace ASA5505.

Hi

The 877 does not do the same things as the ASA5505.

Comparing prices in some instances the ASA5505 (dependant on license) is cheaper than the 877.

I would state that the 877 is not the right choise to replace the 5505.

I am a bit unsure of the PPS rate of the 877, but if it is as the "870 platform" ie 25K pps then it is no competition between the 877 and the ASA. especially if you check vpn throughput.

The 877 has a 4 port switch and a DSL connection port, The ASA has 8 ports ethernet.

This is also a big thing dependant on what type of connection is delivered.

All in all I would think that the best "bang for the buck" would be the ASA.

Good luck

Hope This Helps

929
Views
0
Helpful
3
Replies
CreatePlease to create content