The major advantage of using a 2621 for routing instead of a pix is the fact that it is a "router". The PIX does not use routing protocols and realistically does not route. The PIX is designed for security not routing.
As per my knowledge 2621 with VPN accelarator will be best suitable(cost effective) solution for VPN with 3DES but no failover. 2621 is a router which supports most of the routing protocols and PIX doen't do this. PIX does not support all the routing protocols. 2621 can't be a firewall,but can be a lower-end router. PIX got built in security for each interface depending on the name of that interface.
I'm working on a project right now that will remove most of the load and 'routing' from our PIX. It has 6 interfaces and we are currently using ALL of them for 'routing'. Granted some could say that it should stay like that so that we have a layer of stateful packet inspection between all domains/environments...but I think that is unneccessary considering we have 2621's and a 6509 inhouse w/ an MSFC....that was being utilized with zero benefit to our infrastructure.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...