Both TLS and IPsec give you cryptographic protection. Both are available in different versions and with different algorithms. For your 5510 you are quite limited as it only supports outdated crypto (well, the 5510 is also pretty much outdated and EOL soon). For SSL and TLS, make sure to disable SSL as that is considered insecure. TLS is only available in the legacy version TLS 1.0 while the -X-ASAs supports also the more modern and stronger version TLS1.2. When comparing TLS and IPsec, IPsec is stronger from a cryptographic standpoint, especially when the device only supports TLS1.0.
Regarding upgrading the device: I would assume they think that they don't want to upgrade and instead at least disable all functions on the outside that use suboptimal crypto. On the long/middle term, this can be dangerous as from next year on the 5510 will be EOL.
But as a short-term solution, it could work. But also with IPsec you don't win anything: If you use AnyConnect, you typically want to enable the Session-services which work over TLS. And the legacy IPsec-client uses IKEv1 with legacy crypto which is also not optimal.
On the other hand, in both ways it's unlikely that anyone breaks that crypto.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...