Ok Cisco experts, I need an opinion, and If I know anything about this group, you have opinions.
We are a web hosting and application development company, our current Internet connection is protected by a Cisco 2620XM router using access lists to limit access to our network.
So far we have been well serviced by this unit and it's configuration, however we are noticing that CPU utilization is high and that a targeted udp flood can bring it to it's knees. So we are considering adding an ASA 5510 to handle the access control, thus relieving the CPU.
My questions are, what other benefits are there to doing this? Should I continue to use the 2620 as a router and use the ASA only as a firewall or should I just move all functions to the ASA? What IOS version an features should I get to ensure we have Intrusion detection and can still provide all services such as Web, FTP, SMTP, POP3, DNS and VPN connections without paying for feature I do not need such as anti-virus and anti-malware?
So may options... so little time to research them all. Your good advice is welcomed!