I've already posted this on the Small Business Area.
We are finding the price for ASA 5505 to high and our clients are having problem securing budgets for these devices. We don't want to move to different vendors and we have a team of people we already know Cisco well. We don't use any of the advance features apart form IPSec VPN, ISP Failover.
I have seen Cisco router 877 which have the ipadvance ios, is this the same as the ASA5505.
We would like to offer our clients an alternative to ASA5505, but something which can do the same as a edge device but also protect the client from malicious attacts and has CLI.
Any recommendation would be appreciated?
an ASA is a firewall first and a router second ( lesson learned the hard way by myself ).
An IOS device differs in some terms from the ASA ( NAT etc. ).
The 800 series are fixed config and I guess ISP failover will be tricky with only one WAN interface, although you
have the choice of 2 x 800's and PBR as a pseudo failover scenario.
ASAs are pretty security-centric devices. I mean, they also have some routing features, but the overall ASA design
is pretty fascistic per default whilst on IOS you'll walk on all fours to get the bottom line of security an ASA implicitly offers. The advIP IOS has a nice buncha stuff on board, but it is still no ASA whilst an ASA is still no IOS.
As you are well aware you can get just close to an ASA with a router and not replacing it. The Cisco 877 is in eol and if you do want to stck to the 800 series you need to choose something else as 887va for adsl or relative model for the technology you are implementing. Although not. Replacing an ASA I find very interesting the new license system with universal iOS. Choosing a sec license you have many features that let you implement a good security perimeter . I would say that the IOS 15.2T with SEC-K9 license is the closest choice to an ASA. Again, you are not going to replace an ASA, just providing a good machine with a security oriented IOS. Don't choose the NPESEC-K9 license because it would not let you encrypt the payload.... And maybe choose a bigger machine if you can...1941 s excellent in that and justify the expense with its VPN and hardware encryption capabilities
Hope this helps
Sent from Cisco Technical Support iPad App
The 877 does not do the same things as the ASA5505.
Comparing prices in some instances the ASA5505 (dependant on license) is cheaper than the 877.
I would state that the 877 is not the right choise to replace the 5505.
I am a bit unsure of the PPS rate of the 877, but if it is as the "870 platform" ie 25K pps then it is no competition between the 877 and the ASA. especially if you check vpn throughput.
The 877 has a 4 port switch and a DSL connection port, The ASA has 8 ports ethernet.
This is also a big thing dependant on what type of connection is delivered.
All in all I would think that the best "bang for the buck" would be the ASA.
Hope This Helps