I am looking for some advice on adding an additional DS3 to my network. Here is my current setup.
I have a 3845 with a T3 card connected to Verizon. The 3845 then connects to a 5540 ASA which hosts my internal network and two DMZs. NATing is performed on the ASA to a /25 that was provided by Verizon.
So, outbound traffic goes through the network, hits the ASA, is NATed and sent out the T3 router. Inbound traffic (for mail, www, etc.) comes in through the 3845, is sent to the ASA and translated.
Recently we ordered another T3 (tiered at 12 Mbps, also from Verizon). This T3 is not connected to the same router since it comes into a different building on the campus. It also came with more address space (a /26). How should I configure these routers and firewall to be redundant? The problem I see is that if the ASA is NATing it will have to send traffic to only the router that has the associated subnet.
Do I need to move NATing to the routers? For outbound traffic I would like both links to be used not simply failover. I know that for inbound traffic I will most likely have to peer with my ISP and tell them to failover to the other circuit if the main one goes down.
Any help would be appreciated.
I have included a diagram to try and explain the situation.
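The coupling the post raises, that the block a flow is translated into decides which circuit its replies come back on while the ASA's routing decides which router carries the outbound packets, can be made concrete with a small model. The script below is an added illustration, not configuration from the post or from Cisco. It assumes documentation addresses (203.0.113.0/25 standing in for the /25 on the existing T3 behind the 3845, 198.51.100.0/26 for the /26 on the new T3), the router names routerA and routerB, that Verizon returns traffic for each block only over the circuit it was assigned with, and that the ASA forwards by destination only, so everything outbound follows its single default route. It compares NAT on the ASA (one pool, or both pools) with NAT moved to the two routers, counting which routers carry outbound traffic and how many flows have symmetric paths.

```python
"""Toy model of the NAT-versus-egress coupling raised in the post above.

This is an added illustration, not configuration from the post. Assumptions:
- 203.0.113.0/25 stands in for the /25 on the existing T3 (router A, the 3845)
  and 198.51.100.0/26 for the /26 on the new T3 (router B); both are
  documentation ranges, not the poster's real blocks.
- Verizon delivers traffic for each block only over the circuit it came with.
- The ASA forwards by destination only, so all outbound traffic follows one
  default route; it cannot pick the router from the translated source address.
"""
import hashlib
import ipaddress
from dataclasses import dataclass

POOL_A = ipaddress.ip_network("203.0.113.0/25")   # block routed to router A
POOL_B = ipaddress.ip_network("198.51.100.0/26")  # block routed to router B
ROUTER_OF_POOL = {POOL_A: "routerA", POOL_B: "routerB"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int


def flow_hash(flow, n):
    """Deterministic per-flow bucket in [0, n), the way ECMP or a NAT pool
    picker spreads connections without splitting one connection."""
    key = f"{flow.src}:{flow.sport}>{flow.dst}:{flow.dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n


def pick_public(pool, flow):
    """Choose a usable host address in the pool for this flow."""
    return pool[1 + flow_hash(flow, pool.num_addresses - 2)]


def return_router(public_ip):
    """Inbound replies to a public address enter on the circuit that owns
    its block; the ASA has no say in this."""
    for pool, router in ROUTER_OF_POOL.items():
        if public_ip in pool:
            return router
    raise ValueError(f"{public_ip} is not in an assigned block")


def asa_nat_design(flow, pools=(POOL_A, POOL_B), default_router="routerA"):
    """Design 1: the ASA NATs into one of its pools, then forwards via its
    default route. Returns (egress_router, return_router)."""
    public = pick_public(pools[flow_hash(flow, len(pools))], flow)
    return default_router, return_router(public)


def router_nat_design(flow, routers=("routerA", "routerB")):
    """Design 2: the ASA sends untranslated traffic to either router (ECMP)
    and each router NATs into the block that belongs to its own circuit."""
    router = routers[flow_hash(flow, len(routers))]
    pool = next(p for p, r in ROUTER_OF_POOL.items() if r == router)
    return router, return_router(pick_public(pool, flow))


def egress_routers(design, flows):
    """Set of routers that carry outbound traffic under a design."""
    return {design(f)[0] for f in flows}


def symmetric_flows(design, flows):
    """Count flows whose replies come back through the same router that
    carried the outbound packets."""
    return sum(1 for f in flows if design(f)[0] == design(f)[1])


def sample_flows(n=200):
    """Constructed sample: internal clients reaching two outside servers."""
    return [Flow(f"10.0.0.{1 + i % 250}", "192.0.2.10" if i % 3 else "192.0.2.20",
                 40000 + i, 443 if i % 2 else 25) for i in range(n)]


if __name__ == "__main__":
    flows = sample_flows()
    designs = (("NAT on ASA, both pools", asa_nat_design),
               ("NAT on ASA, /25 only", lambda f: asa_nat_design(f, pools=(POOL_A,))),
               ("NAT on routers", router_nat_design))
    for name, design in designs:
        print(f"{name}: egress via {sorted(egress_routers(design, flows))}, "
              f"{symmetric_flows(design, flows)}/{len(flows)} flows symmetric")
```

Running it shows the trade-off in the post's own terms: with NAT on the ASA and only the /25 every flow is symmetric but only the 3845's circuit carries outbound traffic; handing the ASA both pools spreads the return traffic over both circuits but, since the ASA still routes by destination only, roughly half the flows go out one router and come back through the other; NAT on each router gives both circuits outbound traffic with every flow symmetric. The model does not cover inbound services on fixed public addresses or circuit failure, which the post notes will need the ISP to reroute the blocks.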