ASA 5505 high availability infrastructure help needed.
I need some help regarding the best way forward for creating a site to site vpn link that has failover redundancy.
Currently I have 2 sites that both have 2 ADSL lines installed, the routers at both ends are simple ADSL to ethernet routers with no special failover functions. I am planning to install at each site 2 ASA5505 with security plus bundle firewalls, and configure them such that if one of the adsl lines at either site fails the vpn tunnel will automatically failover to the other route.
Alternatively, can I achieve a similar level of fault tolerance using just 1 ASA firewall at either end of the 2 adls lines. I understand that this would make either firewall a single point of failure but still provide redundancy of the adsl links which are generally more prone to faults than the firewalls. if it can be done using just 1 ASA at each site, is the ASA 5505 capable or would I need to jump up to an ASA 5510?
What is the difference between the Stateless A/S of the 5505 and the A/A A/S high availability of the 5510?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...