We have IPSec VPN tunnels sourced on ASA appliances connected to Router R1 where the WAN link is terminated.
Here we are about to add another WAN link with a connection from a different ISP. Our concern is how the tunnel will be rerouted through the other link with the same source IPs, seeing that the backup ISPs won't allow the primary ISP's IP CIDR through their cloud? Basically the idea is to keep the design simple & hassle-free.
The new setup will incorporate these changes. Please note only one ASA appliance is in use.
ASA --> Router R1 with Primary link/ISP (public IPs of Primary ISP)
ASA --> Router R2 with Secondary Link/ISP (Public IPs of Secondary ISP)
How can the tunnels be sourced with the same IPs of the primary ISP in case of a link failure? Or, alternatively, what is the best solution?
Appreciating your patience.
Thanks & Regards to all.