This is by no means an authoritative answer but this is my take on it.
For me the question is more between FWSM and ASA.
The FWSM has a 5GBps throughput versus the 650MBps of the ASA5540. 100,000 connections per second versus 20,000. 1 million concurrent connections versus 400,000. So, performance wise, you get the point. On top of this, if you have multiple vlans configured on your switch and are doing ACLs and QoS, etc already and want to do Virtual Firewalls, then you might as well go with the FSWM and integrate it all together. Plus, you'll be managing them all from a single place; your 6500 series switch. It doesn't mean you can't do these things on the ASA but you may duplicate your effort by configuring certain things on the switch and others on the ASA. You'll also ended doing your administration on multiple devices. For example, everytime you add a VLAN or something you want to firewall, you'll need to make the changes on the switch and then do the ASA and make necessary modification while you could have done it all from the switch if you used a FWSM.
But if price is an issue and/or you don't have a complex firewall configuration requirement, you can go with the ASA.
Also, the FWSM might give you a better technology protection if somewhere down the road you decide to do NAC or MARS or the other cool technologies Cisco is coming up with.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...