We are currently switching over to an MPLS network and don't trust the Service Provider to have a secure core. I've been looking at the GETVPN for encrypting all our traffic between our branches and headquarters. We are thinking about having ASA5505 at all our branches to do the encrypting but from what I've read that a firewall would not be a smart idea. Also I was looking at having our firewall at our main office to be the Key Server, but can't find to much on how to set it up. So I guess my question is will it be smart to use a ASA5505 for our Group Member (GM) at our branches and a ASA5510 for our Key Server (KS) at our main office and backup location or should we go with a 1921 with a security license at the branches and 2801 or 2811 as our KS at the main office and backup location.