I use a 2821 IOSFW for internet access
It holds 14 DMZ (one Vlan / server on each)
and about 2000 internal internet daily users.
My internet access is 10Mbps symetric.
When trafic grows, CPU grows correspondingly to IP trafic, up to 50%.
I suppose that CPU load is due to IP nat, ACLs and CBAC between inside and outside.
Some external Citrix users sometimes loose their connexion.
Cisco's Commercial argue that I should migrate to ASA 5510, but I need some features like PBR which is unavailable.
I am looking for a serious diagnostic method.