We are in the middle of planning a DR site for our Hq office. One of the requirements is to be able to allow Internet based users who are accessing our DR site web server, access to our HQ network via a publicly routable IP.
Over 90% of the traffic from our DR site web server is to/from the Internet and back to the user. However, the other 10% from the DR site web server is authentication traffic to our HQ dbase server. Once the users are logged-in most of the remaining traffic is between the user and the DR site web server only. My questions is; would it be best to setup ipsec between the DR site ASA and the HQ site ASA just for the authentication, or would it be better to do GRE?