All of my remote sites are connected to HQ via MPLS circuits. I would like to create back link for those remote sites using 871 routers with DSL connection and terminate ipsec vpn tunnels at the outside interface of ASA5540 located at HQ.
The 871 routers will be configured HSRP standby mode. It becomes active and forward traffic when the main router of the remote site losses connection to HQ.
1. Has anyone had similar requirements and use easy vpn as a solution? will site-to-site work better for this scenario?
2. How to make ASA5540 handle the routes properly when it sees the same subnets located on both Inside interface and the other end of the tunnel which is terminated at the outside interface?
Static routes are configured on the ASA.
3. I also try to avoid user entering username and password for interactive authentication in easy vpn.
Thanks so much in advance.