Both TLS and IPsec give you cryptographic protection. Both are available in different versions and with different algorithms. For your 5510 you are quite limited as it only supports outdated crypto (well, the 5510 is also pretty much outdated and EOL soon). For SSL and TLS, make sure to disable SSL as that is considered insecure. TLS is only available in the legacy version TLS 1.0 while the -X-ASAs supports also the more modern and stronger version TLS1.2. When comparing TLS and IPsec, IPsec is stronger from a cryptographic standpoint, especially when the device only supports TLS1.0.
Regarding upgrading the device: I would assume they think that they don't want to upgrade and instead at least disable all functions on the outside that use suboptimal crypto. On the long/middle term, this can be dangerous as from next year on the 5510 will be EOL.
But as a short-term solution, it could work. But also with IPsec you don't win anything: If you use AnyConnect, you typically want to enable the Session-services which work over TLS. And the legacy IPsec-client uses IKEv1 with legacy crypto which is also not optimal.
On the other hand, in both ways it's unlikely that anyone breaks that crypto.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :