I would like to deploy the following and would like to know if it is feasible and advisable:
I would like to have 2 ASA's in failover mode with:
-one inside interface
-one DMZ interface
-TWO outside interfaces connected to two different ISP's (to the Internet), this is the part I am unsure about.
I have never seen or deployed such a setup before.
Some issues I thought of with this setup:
-port 25 from the Internet : what would the static NAT look like? Since there is only one DMZ, that is not an issue, but what would be the outside address of the static NAT? Or is there a need for 2 NAT's, one for each outside segment?
-routing : of the two circuits, one is a 10MG and one is a DSL, so the primary path should be the 10MG and backup is the DSL, should HSRP be setup on the firewall?
Please see attachment for the details