Right now, the office has an ASA5505 and a single ISP. That ASA has an IPSec tunnel to another ASA5505 at a remote site. We want to migrate the phone system to a hosted VoIP provider, so we are interested in a second ISP. I understand the ASA5505 does not to PBR or load balancing, but I'm looking for a creative method to have www/vpn traffic go out ISP-A and VoIP traffic go out ISP-B. Should ISP-B be unreachable, all VoIP traffic will rollover to ISP-A. The VoIP traffic is key, the www/vpn traffic does not need to be as reliable.
My thoughts were to use ISP-A as the default gateway, but have two route statements for the VoIP traffic. Assuming the VoIP provider is 126.96.36.199, I would have:
ip address 10.0.0.1 255.255.255.0
ip address 66.X.X.X 255.255.255.252
ip address 72.X.X.X 255.255.255.252
route isp-a 0.0.0.0 0.0.0.0 66.X.X.X 1
route isp-b 188.8.131.52 255.255.255.255 1
route isp-a 184.108.40.206 255.255.255.255 2
I understand I will have to purchase the Security Plus license in order to use 3 VLANs at once, but will the above work?
Would I be better off using an ASA5505 or the 870 Integrated Services Router for this? I know the ASA will server better as a firewall and vpn endpoint, but which device will handle the dual ISP situation better, assuming ~20 users?