Failover options

Scenario:

Our company just recently acquired a 9mbps internet connection for redundancy in case our main ISP connection fails.

Equipement involved:

We currently have a PIX 515 connected to our main internet connection that is a 7 T1 Bundle. I am looking foward to replace this with a ASA 5540.

The branch offices currently run a pix 501 which i am planning to replace with a ASA5505.

Setup:

I have 9 branch offices distributed accross Canada, they are all small offices with less than 20 individuals in each location, they run of a PIX 501 with one IPSEC tunnel to our main PIX 515 in the main office.

Desired Scenario:

FAIL OVER, FAIL OVER and FAIL OVER:

We need fail over regardless. My company is maturing its business and downtime is becoming a critical situation that we cannot afford.

Question: I Would like to know how can i failover the ASA5540 with two internet connections. I have a ASA5505 in hands and i was reading the manual and i can see that it can do that, so my best guess is that the 5540 would be able as well.

Simply, my two isp providers are completely independent of each other, so even if the circuits of the main one fail, the second one do not have anything with the first and will still work, so i would like the ASA tp failover if that happends and just start using the second link.

Any thoughts ? No config files for now :D
Just simple talk.
iFroydAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RowleyCommented:
A good starter doc on the whole subject here: http://www.oreillynet.com/pub/a/network/2002/08/12/multihoming.html

0
lrmooreCommented:
Yes, you can setup the ASA for failover using dual ISP's and it is quite simple. The only thing you can't do is load-balance or even use route-maps to load share.
I know you said that you didn't need configs for now, but here's the document that describes the solution and also how to configure it:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.