I am following this configuration guide for dual ISP support on an ASA 5505 and I have a few questions( http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_examples.html#wp1057935 ).
1.) If the primary ISP fails, the default route gets removed and the alternate/backup route gets used. When the primary ISP becomes available, does the primary route fail back or take over from the backup ISP? There is no tracking on the backup route, at least not in the example below.
route backupisp 0.0.0.0 0.0.0.0 172.16.2.1 254 ! The above route is a floating static route that is added to the ! routing table when the tracked route is removed.
2.) I have a VPN tunnel to another site. Will I need to create a second VPN tunnel for the backup connection/route or can I just apply the original crypto map to the backupisp?
3.) What image/ADSM will be required to achieve this goal?