Hello there, was hoping for some recommendations for product selection and overall infrastructure setup for our datacenter:  We have an old, legacy setup, and are looking to replace equipment, improve performance, enhance security, and implement hardware redundancy (if cost effective).

Background-

1)  We now have (2) IP blocks from our provider, and need to support both (because we have mailers on older IPs with a good reputation rating).

2)  We have (2) aged Sonicwalls, one for each IP block, each connects to multiple internal subnets (some internal subnets need connectivity to eachother, some don't).

3)  We have (mostly) public facing web servers (Linux/Apache), as well as database servers (with no external access).

Questions-

1)  Should we implement a Cisco ASA 5520 w/ or w/o SSM modules for the new IP block (for webservers)?

1a)  Should we implement a Cisco ASA 5510 or 5505 for the existing IP block (for mailers)?

1b)  Or, can we have multiple public IP blocks connected to a single ASA 5520 (or 2 ASA's w/ failover)?

2)  Can we connect both firewalls (5520 and 5510/5505) to a single Catalyst 3550 (or similar) using VLANs, and have 6 - 10 VLANs for webserver subnets, with ACLs controlling which subnets/servers can connect to eachother?

2a)  Should we implement a second Catalyst 3550 (or similar) for redundancy (webservers have multiple network cards).

3)  From our provider, we only have (1) dmark which both IP blocks connect through.  Currently we have a switch connected to the dmark in order to 'splice' the connection, and have both existing firewalls connected.  Is there a better approach to this?

4)  We would like to implement SSL-VPN, and possibly site to site IPSec VPN, but only if there will not be significant performance degredation.

5)  Other thoughts/recommendations for new features, enhanced security, or redundancy?

Thank you.