ACL Firewall for a CISCO 2610 Border Router

Urrr -- Cisco would probably recommend their own firewalls ;-) There is the Cisco PIX series

the newer Cisco ASA series A 2610 could in theory keep a 10 megabit full duplex port completely busy, if the traffic patterns were right, but it wouldn't stretch much beyond that. A 2610 would, if I recall, be aimed at about the 1 x T1 to 2 x T1 market. Is the organization using VOIP or channelized T1?

Any of the PIX 500 models (that are still sold) can handle

10 megabits/s plaintext; the PIX 501 would be a bit tight if you wanted to do VPNs at T1 or higher, but the result of the PIX 500 (that are still sold) should be able to handle VPNs at those rates.

The choice of PIX model would depend on the number of internal users you have; an entry PIX 501 is restricted to 10 users, with a

50 license available (that is usable up to about 20-ish active users before you start hitting memory problems if your config is large). The other PIX models do not have per-user limits, so if you have more than 10 users then it often makes more sense to go for a 506E than a PIX 501 + extended license.

The choice of ASA models depends upon load and upon features that you want. THe ASA 5505 is pretty much like the PIX 506E in capabilities; the ASA 5510 and upwards start adding additional facilities not available in any PIX.

These days I couldn't recommend getting a PIX 501 or 506E except for home users or SOHO, as effectively software development has stopped for those models. The 515E, 525, and 535 are still under ful software development. I haven't had an opportunity to work with the ASA series.