I have several business objectives that I would like to accomplish. They are:

Business Objectives:
#1 Provide redundant many-to-one NAT Internet access from both Edison and Montvale such that the outside source IP address remains in the same Class C address space and ideally uses the same virtual IP address.
#2 Provide redundant one-to-one NATs for external clients to access hosts in a shared Edison/Montvale DMZ.
#3 Provide a redundant client F/W to F/W IPSEC tunnel allowing client access to DMZ assets.
#4 Provide redundant F/W to F/W stateful inspection synchronization. The primary method is via the 100MB TLS circuit using switch-to-switch 802.1Q trunking. The alternate method is an Internet IPSEC F/W to F/W tunnel.
#5 Provide a redundant and secure backup of the private 100MB TLS circuit via an Internet router-to-router GRE tunnel. (Note!!! Overlap of #4 and #5)
Please see the attached Visio 2007 document and the identical BMP file for those w/o Visio.

Getting FULL BGP routes into the 7204s. Can use GLBP for Active/Active on the load balancing. Using OSPF as my interior routing protocol. Not sure if I need to carry OSPF inside of the ASA5500, nor if I can construct an Active/Active ASA5550 scenario. Been a while since I played with PIXes. So, basically I don't know what I don't know, and am very concerned about having a failure that orphans both sites. Any lessons learned to help me with this design would be greatly appreciated.
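As an added example (not from the original post, and not a vendor reference configuration), here is one way to build the Edison end of the objective #5 backup: the router-to-router GRE tunnel is wrapped in IPsec so OSPF hellos and inter-site traffic never cross the Internet in the clear, and its OSPF cost is set well above the TLS circuit's so the tunnel only carries traffic once the private circuit fails. All addresses, interface names, VLAN number, costs and keys are placeholders chosen for the example.

```cisco
! Edison end, objective #5: GRE over IPsec as backup for the TLS circuit
! (added example; addresses, interface names and keys are placeholders)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-PSK address 203.0.113.2
!
crypto ipsec transform-set TS-BACKUP esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile IPSEC-BACKUP
 set transform-set TS-BACKUP
!
! Primary path: 802.1Q subinterface on the private 100MB TLS circuit
interface GigabitEthernet0/1.100
 description TLS circuit, VLAN 100 to Montvale
 encapsulation dot1Q 100
 ip address 10.254.0.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf cost 10
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 PLACEHOLDER-OSPF-KEY
!
! Backup path: GRE tunnel to Montvale over the Internet, encrypted by IPsec
interface Tunnel0
 description GRE/IPsec backup for the TLS circuit
 ip address 10.255.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip ospf network point-to-point
 ip ospf cost 1000
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 PLACEHOLDER-OSPF-KEY
 keepalive 10 3
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode gre ip
 tunnel protection ipsec profile IPSEC-BACKUP
!
router ospf 1
 router-id 10.0.0.1
 passive-interface default
 no passive-interface GigabitEthernet0/1.100
 no passive-interface Tunnel0
 network 10.0.0.0 0.255.255.255 area 0
```

The Montvale router mirrors this with the addresses swapped; the GRE keepalive drops the tunnel's line protocol when the peer stops answering, which tears down the OSPF adjacency instead of leaving a black-holed route, and the lowered MTU/MSS leaves room for the GRE and ESP headers.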