Hello Germain,

I can let you know that the ASA as devices created just for security purposes can acomplish any of the requirements you are looking for.

-They use different defense threats mechanisms ( As an example the Threat detection feature that will monitor all the packets being deny by the ASA, uRPF, Access-control lists,the TCP intercept feature, etc)

-All of them can monitor activity and network application traffic using different features ( Syslog, Netflow,SNMP)

-Besides the ASA 5505, all of the ASA models supports at least 1 dedicated interface for managment traffic ( Out Of Band Managment traffic)

-All of them support VPN IPsec tunnels, AnyConnect,WebVpn

-They can filter traffic and use different approaches to 'X' traffic using the MPF (Modular Policy Framework).

-They by default provide a great approach to security denying all traffic coming from the untrusted zone ( Outside: Internet)  to the trusted zone (Inside : Company).

-They can use their own routing table to block or deny hacking attacks just like an IP address spoofing using the uRPF feature.

So in this particular question I would recommend you any of the ASAs, now you will need to focus on the version of the ASA you are going to have so you can have the more advanced features so you can perform all of the tasks you are looking for.

Also it is important to know that some features are restricted for some appliances (ASA 5505 and 5510 come with a base license) so you migth need to upgrade your license in order to perform 'X' action.

Now if you want to select a particular ASA you should focus on the throughtput of your network, scalability, amount of connections the ASA should supply, etc. because the features are related to the version they are running.

Hope this helps you.

Please rate helpful posts,

Julio!!!