In the attached diagram, things seem a bit complex at first look, but let me explain.
We have 2 DSL links from our ISP, about 8mb, active and backup, connected across two 2811 routers.
These routers terminate on a pair of Alteon Application switches by Nortel. The Nortel switches work in a mode that basically sandwiches two ASA 5520 firewalls. The motive behind this design was to use both ASAs in Active Active mode with load balancing automatically instead of spreading across the VLANs on both the firewalls. It also gives me the ability to offload SSL for my DMZ app servers. The red lines signify the 'Active' route the data takes, while the black lines signify the 'redundant' route.
The issue is, on the Alteon App switches, facing the routers, I cannot terminate IPSEC VPN connections, and bringing them down to the ASAs on public IPs is proving a bit tedious.
What are my options?
What's the drawback of terminating IPSEC VPNs on my 2811 routers?
They have 256 MB on board and come with integrated onboard VPN encryption acceleration. There is also an add-on module, AIM-VPN/EPII-PLUS, which is called "Enhanced-performance DES, 3DES, AES, and compression VPN encryption AIM".
Do I need this if I terminate 6 of my IPSEC VPNs on my routers? Can I live without this added AIM?
Also, as my total design is seemingly built with redundancy in mind and automatic failovers, what are my chances of making even my IPSEC VPN automatic failover between the two routers?