There doesn't seem to be an ideal way to manage the PIX!
As I see it CSPM is great for creating the ACL's but it's slow when you have a large network, plus it doesn't support the newer VPN clients/commands although you can use the Epilogue to work around this. If you issue commands directly on the PIX they tend to get removed next time you approve a new config from CSPM. Also the currnet release (3.1) is the last release.
PIX MC is very new and supports even fewer commands! I can't even import our current PIX because of this. At least you can issue commands directly to the PIX without fear of them being over written. Wait for a release that supports more commands I suppose.
The best way I can see of managing a PIX at the moment is using PDM and direct command entry.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...