Why use an active/passive setup instead of active/active? Just have equal-preference MX records and let the traffic split. Then if one unit fails, the other gets the whole load. In addition to simplicity, this also keeps both units exercised, so you'll be less likely to be surprised by a spare that turns out to be bad, too.
In our case, we have a large stable of IronPort MGAs, so we use a single MX record and a load balancer to split the traffic, handle failure isolation, etc. But load balancers tend to be expensive, and may be outside the budget of a shop small enough to need only a pair of C300s.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...