I have an ASA 5540 (actually 2 in an Active/Standby setup) connected to the Internet, and internally a DMZ where I get the traffic from my SecureMobile provider.
On the remote site I have a Sarian DR6410 router with an ADSL interface and a GPRS/3G interface.
I have no problems getting the IPsec up and running on both interfaces, and I'm able to ping from the LAN Internal -> Remote and the opposite as long as I have a static route in both ends prioritized to send traffic on the same interface. My intention was to have the 3G/GPRS interface as a failover, but I would like it to be done automatically. I have configured a route in both ends with a best metric using the ADSL (1) and the 3G (255).
What is the best solution? Will it be running OSPF between the Sarian and the ASA, or could I do something else to solve my problem?
Another question: could the ASA handle around 150 VPN tunnels, or what are the limitations? The tunnels are not heavily loaded.
OSPF through a tunnel would work as long as there is a single tunnel endpoint, or you can use object tracking so that when the primary link is down, the ASA will change the route to the 3G/GPRS interface; see the link below:
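
The object-tracking approach from the answer above, as an added ASA-side configuration example; it is not part of the original thread and not the poster's configuration. The interface names (`outside`, `dmz`), the remote LAN prefix, the next-hop addresses and the monitored address are all constructed placeholders; only the metrics 1 and 255 come from the question.

```cisco
! Constructed values (assumptions, replace with your own):
!   outside     = Internet-facing interface (path to the remote ADSL link)
!   dmz         = interface towards the SecureMobile 3G/GPRS provider
!   192.168.50.0/24 = remote LAN behind the Sarian router
!   203.0.113.1 = next hop on outside, 10.10.10.1 = next hop on dmz
!   198.51.100.10 = remote router's ADSL address, used as the probe target

! Probe the remote ADSL address through the primary interface
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.10 interface outside
 num-packets 3
 frequency 5
sla monitor schedule 10 life forever start-time now

! Track object follows the reachability result of the probe
track 1 rtr 10 reachability

! Primary route (metric 1): installed only while track 1 is up
route outside 192.168.50.0 255.255.255.0 203.0.113.1 1 track 1

! Backup route (metric 255): takes over when the tracked route is withdrawn
route dmz 192.168.50.0 255.255.255.0 10.10.10.1 255
```

`show track` and `show route` on the ASA confirm which route is currently installed. This covers only the ASA end; the remote router needs its own mechanism to move traffic to the 3G/GPRS interface so that both directions follow the same path.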