Cisco 861W vs Cisco 5505 - Security and Perfomance

Posted on 2009-02-16
Last Modified: 2012-05-06
I need advice on how to setup home/office network and help choosing a good and appropriate cisco firewall.  This is home office and we have a non static IP address for our cable service.  Our mission critical servers are colo'ed at a good facility in Dallas.

Here is our current home office setup:
1) Televantage Phone server - Dell PowerEdge SC 430, Win XP 32 bit
2) Dev & customer service, endpoint 11 server - win 2003 32 bit (horrible cpu usage from endpoint, will move to SBS server as soon as possible)
3) 3 - Dell T3400 station w/ gigabit cards - win XP 32 bit
4) 1 Laptops Dell latitudes with wireless 802g
5) Other - PS3 and Xbox 360 - wireless 802a or b?

New not set up yet:
6) Exchange, VSS, Endpoint, File server - SBS 2003 - Dell PowerEdge 840
7) PowerConnect 2708 Web-managed Switch, 8 Port GE

Here is what I would like to achieve:
1.  Gigabit connection through switch from each client to SBS 2003 on wired.  
2.  Wireless access
3.  Good firewall to protect LAN.

Please look at the diagrams for proposed network schemas:
Diagram 1 - Cisco 861W
Diagram 2 - Cisco 5505

1.  Are these schemas accurate and will they work as proposed?  If not please suggest.  
For example:
5505 is a dedicated firewall where as 861W is a router correct?  
Can I get gigabit connection from servers to clients through switch even though 5505 and 861W only achieve 10/100?  Not sure if I need a Gigabit router in configuration to achieve this.

2.  Are these Cisco Firewalls good and will they offer what I need to protect the network.  I have read Cisco IOS with SPI is the way to go.  Which firewall is better?

3.  Can both of these cisco devices handle VOIP.  Currently we use analog phones but would like to switch to VOIP in the near future.

Any help is appreciated!
Question by:DMAC421
    LVL 6

    Expert Comment

    I would defintely suggest either cisco pix or cisco asa.
    ASA will have much more features that might not be used in this environment.(e.g:  clientless/web client access)

    On the other hand, Cisco Pix still has all the features like advance ACL / firewall, NAT, Lan2lan vpn, remote access vpn, Dhcp server option.

    cisco 861 would be a hassle when configured as a firewall and obviously not recommended as it only cover basic acl/ firewall configuration.

    Fastethernet is all you need as some clients are on wireless and gigabit only required on your LAN access only from client, in this case, your powerconnect 2708.

    Author Comment

    Thanks for the reply.

    Ok so it sounds like the ASA 5505 is the way to go.  Quick question though isnt the ASA 5505 more of a dedicated firewall device so do I need a router between the 5505 and switch as shown in Diagram 2?  I would go PIX but due to budget constraints I need to purchase with AMEX points and there doesnt seem to be any new PIX on shopAmex.

    Please let me know and thanks for your help!
    LVL 6

    Expert Comment

    yes, it's a dedicated firewall device that works with many many extras (Remote access,L2L, dhcp server, etc)

    A router can be placed behind ASA, only if you do multiple vlan , and advance routing(e.g bgp,eigrp, etc).

    In this case, ASA is more than enough to handle the basic routing, where asa will be the default gateway for all the machines obviously.

    Author Comment

    Thanks Rick

    So the ASA will be the default gateway.  In the above diagram which do I need 10 or 50 user license?
    LVL 6

    Accepted Solution

    I guess you mean vpn peers license, you will only need 10 (standard mostly).
    note: can always change this in the future anyway if the sites get much larger.

    Author Comment

    thank you

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now