I need to buy a new router to be our Internet border router for a new 20Mbps Internet feed.
The router will only have a static route to the upstream provider, but I will be having a pair of fairly lengthy ACLs on the external interface, to apply restrictions on both inbound and outbound traffic. I will not be doing any VPN endpoint operations on the router itself, since all VPN operations will be handled by a separate ASA 5520 unit residing in between the new border router and my internal networks. A DMZ will exist on the network segment in between the router and the ASA and a couple special purpose Internet-publishing servers will reside upon that DMZ.
Will a 2911 with rather complex inbound and outbound ACLs on the external interface be able to handle a sustained 10 to 20Mbps traffic load or do I need to jump up to the 2921 router model instead? The router will be only routing and filtering traffic.