A customer currently has two sites with DSL connections to the Internet, and Nortel BSR222 routers sitting behind them, configured with a site-to-site VPN. We need to replace these Nortel systems with a Cisco solution, so I'm thinking ASA firewalls on each end:
Site1 -> ASA -> DSL modem ->> Internet ->> DSL modem -> ASA -> Site2
I'm relatively new to business DSL, and I need to know if this can be made to work, and if not, why. Specifically:
1) The DSL modem will provide an Ethernet hand-off, so the ASAs will not need to have any direct knowledge of DSL operation/negotiation, correct? The ASA sees only Ethernet, and won't require any DSL client commands of any sort?
2) I've heard/read that some DSL modems can operate in either bridged or routed mode - in the scenario above, I would choose to use bridged mode, and have the public IPs for the site-to-site VPNs terminate on the ASAs, correct?
3) I've heard/read that authentication is often used in business DSL environments. How would this be performed in the above scenario? Would the ASA be authenticating the DSL head-end at the carrier? And what form of authentication? (PPP/CHAP? PPPoE, etc.)
Thank you, and references/links are always appreciated.