We have just had two internet lines installed and active: 20mb and a backup 2mb. The two lines are in different sites connected by a LES 1000 for Disaster recovery - both sites are in the same town.
I need to configure some ASA firewalls to support the lines and have the one on the 20mb active with another on the 2mb passive. As far as I can see there are two ways of doing this.
1. Use LAN-based failover with one firewall on each site.
2. Keep the firewalls separate, broadcast routes into my OSPF network (as a /32 address) with different costs to ensure traffic always goes to the primary device.
As an added complication the devices will be running IPSec VPNs.
Any advice on how best to proceed would be very useful.
I have attached a diagram of the current plan for information.