Hi
1) A 2800 series router could do the firewalling + VPN termination + routing if that is what you want, although I appreciate you may not want it to do all functions and it may well make sense to have a separate firewall. Only you can really make that decision.
IPSEC is done in hardware and if you need even more IPSEC throughput you can purchase an AIM for it.
Attached is the data sheet for the 2800 series router. Be aware that for IPSEC and/or firewalling you will need to make sure you order the right IOS with it.
http://www.cisco.com/en/US/products/ps5854/products_qanda_item0900aecd80169bd6.shtml
2) Yes, an ASA5510 is a more than adequate replacement for a PIX 506. Bear in mind that the config will be different because your ASA will be running v7.x code and not v6.x, which is probably what's on your 506e.
3) Not sure what you mean by this. Cisco do a standalone NAC device and NAC integrated with 802.1x on the switches.
Network monitoring tool - we use Ciscoworks but this might be overkill for you. Main issue is with monitoring PIX firewalls - ASDM is only one firewall at a time. Cisco do the Cisco Security Manager software for managing multiple devices but it isn't cheap.
Alternatively you could look for free software for SNMP and syslog messages - there are quite a few out there.
HTH
Jon