I can pretty much do anything with the Zone Based Firewalls that I can do with an ASA.Īnd finally to round things off with VPN capability, I again have to go with a Cisco Router. This is a very feature-packed firewall capability.
![cisco asa 5505 gigabit cisco asa 5505 gigabit](https://sc02.alicdn.com/kf/H2f237fbfa8c143d18a86da6533341186p/202665117/H2f237fbfa8c143d18a86da6533341186p.jpg)
While the 5505 certainly is capable of everything a firewall can be and then some, there is a "not-so-common" feature of the Cisco IOS called Zone Based Policy Firewalls. While the ASA 5505 does in fact support routing protocols, it by no means compares to the routing capability of the Cisco IOS.īut you may be interested in security, since that's the primary function of the 5505. You may also want to consider routing functionality when making a decision like this. This is another area where the Cisco ASA 5505 can't touch the router. The Cisco 891 also has an optional integrated secure 802.11a/g/n access point that's based on the draft 802.11n standard as well as dual-band radios for mobility and support for autonomous or Cisco Unified WLAN architectures. The Cisco 891 supports a number of protocols based around Metro Ethernet but since the ASA doesn't support them, there is no use in mentioning them. When it comes to QoS, the Cisco 891 wins again. The Cisco 891 is feature-rich with QoS being capable of multiple classification methods, multiple queuing methods, traffic policing, traffic shaping, and even auto qos. Matching capabilities are still immature on the Cisco ASA OS. This includes policing on inbound and outbound as well as the ability to configure a priority queue in addition to the single best effort queue. The Cisco ASA is capable of some QOS features configurable with the Modular Policy Framework. The Cisco ASA 5505 doesn't have any of this functionality, therefore this round goes to the Cisco 891. The Cisco 891 has Metro Ethernet features which include one 1000BASE-T Gigabit Ethernet WAN port, one 10/100BASE-T Fast Ethernet WAN port, or one 1-port Gigabit Ethernet (GE) Small Form-Factor Pluggable (SFP) socket for WAN connectivity however only the 1000BASE-T Gigabit Ethernet WAN or the SFP can be operational at any given time. The Cisco ASA 5505 has 8 port 10/100 switch with only 2 PoE ports.
![cisco asa 5505 gigabit cisco asa 5505 gigabit](https://image.slidesharecdn.com/top5reasonstopurchaseciscoasa5500series-140218031710-phpapp02/95/top-5-reasons-to-purchase-cisco-asa-5500-series-4-638.jpg)
![cisco asa 5505 gigabit cisco asa 5505 gigabit](https://netsystem.vn/wp-content/uploads/2018/11/cisco-asa-la-gi-1.jpg)
The Cisco 891 has an 8-port 10/100 Fast Ethernet managed switch with VLAN support and 4-port support for Power over Ethernet (PoE) (optional) to power IP phones or external access point. Note: For purposes of simplicity I'll be comparing the Cisco 891 Integrated Services Routers to the Cisco ASA 5505 but most of the features discussed relate to most Branch Routers running Cisco IOS version 12.4 or 15.x. In this post I'm going to share why I would chose a router, even though I'm a huge fan of the ASA. So the decision usually comes down to what an admin is more comfortable with. Then again, so does the Cisco IOS router. The ASA puts up a good case for being the device of choice. Have you ever had to make a decision between an ASA or a Cisco IOS Router at a smaller branch office? This sounds like it would be an easy task, but it's not.