Now my customer has only one ASA as SSL VPN concentrator.
They want this single ASA to support for two ISP connection----NOT reduandent ISP.
They want their users to choose the ISP when establishing the Anyconnect VPN connection. The data sent to the ASA and the return traffic will keep flowing throught the ISP they have chosen.
My solution is: Enable VPN on two interfaces of the ASA,
and for enabled VPN interface1, config static routes to ISP1,
for enabled VPN interface2, config static routes to ISP2,
However, there would be a lot of static routes to be config.
Some one suggests me to connect a ISR out of ASA and offload the routing process to the ISR.
I am quite confused with this solution. Should I use two ISR? How do I connect the ASA to ISR (two links? what kind of routing protocal??)
So which solution is better?
If an extra device besides the existing ASA is added, which solution is better: (1)add ISR (2)add another ASA?
Thank you very much in advance!