Showing results for 
Search instead for 
Did you mean: 

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.


SA520 or ASA 5505

I originally posted this question in a different section and was referred here.

Can someone tell me the primary differences between the Cisco SA500 series and the ASA 5000 series.  I'm trying to determine which security appliance to utilize in front of a Cloud PBX.  Essentially, the Cloud PBX provider's point of demarcation would be a Cisco IAD (in this case it would be a SIP trunk).  I'm trying to figure out whether to use an SA520 or an ASA 5505 in front of this IAD before connecting to the managed network swtich.  I'm told any firewall used needs to be SIP-aware.  Would either of these work?  When would it be better to use one over the other?  There will only be about 7 users on the network.

Thanks, Adam


Both SA500 and ASA5505 have firewall and VPN capabilities.  Based on your description, either of the two boxes should be able to address your need.  They all support SIP ALG in their firewall which is what you need with a SIP IPPBX behind it. 

ASA5505 with enterprise design in mind has much more granular firewall/vpn options than SA500, which is designed for small business with <100 users, does.  So if you anticipate your policy would need to be relative detail, ASA5505 can be a handy option. Though, for a 7 user network, it is likely the SA500 is sufficient enough.

Another key difference is SA500 can have multiple security services in one-box or known as a "UTM" security appliance.  In addition to firewall and VPN, it can support Web protection, i.e. blocking certain web sites cateogry or preventing users from getting into a malware web site, block spam, and support Intrusion Prevention Service (IPS). They are security subscription services.  Thus, they need to have license to enable.  You can also purchase with bundle option if they are what you would like to use.

ASA5505 can also have some of those services enabled but it requires to purchase additional hardware modules.