The 827 runs Cisco standard IOS where the 678 does not. Your SP will definitely notice if you switch. Also, its probably their router so they probably have it configured the way they want it.
My suggestion, terminate the IPSEC tunnel inside past their router. Get a small PIX firewall, a VPN concentrator or just a dual Ethernet router (like a 1700 series) and just terminate the tunnel on that. One word of caution, if your SP is doing Port Translation (PAT) on your network, then the only solution you have is the Cisco 3000 series concentrator which has a feature called NAT transparency mode. This feature will allow you to do IPSEC in a PAT/NAT environment (which is pretty likely by the sound of things).