I have a small hosting center where each customer have their own VLAN on a swich. On this VLAN all their servers are placed. I need a firewall that can terminate the customers VPN connections and send the traffic into their own VLAN.
Can a small PIX do the job, or do I need a ASA 5510 securrity plus?
Depends on what you mean by "small". The PIX 501 cannot handle VLANs at all, the PIX 506/506E can handle only 2 VLANs, and the 515/515E and 525 cannot handle more than a dozen VLANs in PIX 6.x (but can handle noticably more VLANs if you use PIX 7.0 for them.)
The 5510 is pretty small too. Perhaps you should give us some numbers -- number of VLANs you need, throughput you need, number of physical interfaces, total number of simultaneous VPN connections, nature of those connections (LAN to LAN or PC to LAN), encryption standards you require, VPN types required (IPSec, PPTP, L2TP). Also, is it acceptable for the VPN termination address at your end to be the same for all the customers, with the destination determined by the group name and password they log in with (PC to LAN) or by their source address (LAN to LAN) ? If you need distinct VPN termination addresses for each client, then it could be a bit of a challenge, that might be solvable if you have a WAN router that is able to route into different VLANs.