Greetings, I'm sure this question has been approached several times before, but it would be appreciated if I could get some opinions.
We have a customer with two DSL connections coming into two different routers. We want to replace these connections with a local Ethernet service. So far so good; however, the customer wishes to keep the DSL connections and terminate them on the same router as the Ethernet service.
Now normally what I would try to do is find a provider who can supply both the DSL and Ethernet circuits and run BGP to both load balance and provide resilience for inbound and outbound connections.
Unfortunately we can't in this situation. As per the diagram, I am thinking of using the Ethernet service as the primary link. The address block attached to this circuit would be used on the outside of the ASA, which would also NAT all outbound traffic to its global address of 22.214.171.124. The router would be configured with a default route going to the Ethernet circuit, and the DSL circuits would have higher metrics. I would also configure PAT for each DSL interface on the router, which would mean that traffic is NATed both on the ASA and on the router in the event the Ethernet service fails.
What I hope to achieve is that outbound connections still work in the event of the Ethernet service failing; however, I realise that inbound connections and outbound IPsec connections are still going to fail if I NAT traffic twice.
I'd be very happy to listen to any advice on how to overcome this without using dynamic routing, if it is at all possible.
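
The routing and PAT layout described in the post, written out as a Cisco IOS configuration sketch. This is an added example, not configuration from the poster. The interface names, the documentation-range addresses (192.0.2.0/30 for the Ethernet link, 198.51.100.0/29 for the block on the ASA outside), the administrative distance of 200 and the route-map names are all assumptions.

```cisco
! Added illustration. Interface names and addresses are assumptions
! (documentation ranges), not values from the post.
interface GigabitEthernet0/0
 description Ethernet service (primary), no NAT on this path
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Link to ASA outside (block routed over the Ethernet service)
 ip address 198.51.100.1 255.255.255.248
 ip nat inside
!
interface Dialer1
 description DSL 1 (backup)
 ip address negotiated
 ip nat outside
!
interface Dialer2
 description DSL 2 (backup)
 ip address negotiated
 ip nat outside
!
! Primary default route via the Ethernet provider next hop (distance 1).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
! Floating statics: installed only when the primary route is withdrawn.
ip route 0.0.0.0 0.0.0.0 Dialer1 200
ip route 0.0.0.0 0.0.0.0 Dialer2 200
!
! Match the ASA-facing block so it is translated only when leaving via DSL.
access-list 10 permit 198.51.100.0 0.0.0.7
!
route-map PAT-DSL1 permit 10
 match ip address 10
 match interface Dialer1
!
route-map PAT-DSL2 permit 10
 match ip address 10
 match interface Dialer2
!
! Second NAT layer: PAT to whichever DSL interface carries the flow.
ip nat inside source route-map PAT-DSL1 interface Dialer1 overload
ip nat inside source route-map PAT-DSL2 interface Dialer2 overload
```

With plain static routes the primary default stays installed for as long as GigabitEthernet0/0 is up, so only a failure that takes the local interface down moves traffic to the DSL routes.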