We just implemented an ASA5510. It is working well. I recently went from a PIX515e 6.3.4 to the ASA. The 7.0.x code is a little different, and I don't feel as confident yet as I did with the 6.3.4 on the traditional PIX.
The ASA has done very well for us thus far. If I have any major complaints it is as follows:
THERE IS NO FREAKING DOCUMENTATION OUT THERE.
Most of the documentation out there is really still pix specific. There is not much in the way of utilizing the additional functions of the ASA or even everything else that it can do beyond the legacy pix stuff. That really stinks. Furthermore, there is not a Cisco press book out on it yet. It doesn't hit the presses until sometime this month I believe/hope.
THat being said, looking at the two devices, I just really got the sense that the ASA would be the better long term solution b/c it seems apparent that Cisco is going to phase out the PIX in favor of this device. The price points are basically the same.
I do not agree with you on doco, there is plenty of doco on the Cisco website, and there is 2 Cisco Press books out, I have them both. What particular parts are you wanting doco on, I 'll see if I can point you in the right direction.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...