Cisco ASA redundant Link Configuration

I'm trying to configure redundant ISP link on Cisco ASA 5505 following below link.
www.cisco.com/warp/public/110/pix-dual-isp.pdf 

Internet is working fine from inside to outside but i need to configure web mail access for my external users & still external users need to have VPN access.

Any suggestion on how this can be configured so VPN & webmail access works when primary link is down.
Musafeer79Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
>>Any suggestion on how this can be configured so VPN & webmail access works when primary link is down.

With network redundancy you cant do this you would need to deploy the firewalls in fail over http://www.petenetlive.com/KB/Article/0000048.htm
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gavvingCommented:
The problem is that those services are tied to a specific IP number.  The VPN endpoints are IP specific, as is the URL to access Webmail.  The short answer is that the cheapest/easiest way to do this is manual.  Host your DNS with a provider that makes changes quickly, and manually update your webmail URL to point to the failover IP if your primary ISP is down.  As for remote-client VPN, if using Cisco VPN client, it has a Backup option in the client where you can configure the failover IP number, but you'd have to configure the firewall to listen for dynamic VPN tunnels on both ISP interfaces.

The longer answer is BGP.  Obtain a /24 from an ISP, get another ISP to agree to BGP for that IP block, set them both up to BGP advertise that IP block, then configure your firewall to only use that IP block and direct traffic to an upstream router that handles the BGP sessions.  That way your Internet IP number doesn't change with whichever ISP is down.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.