Scenario: small company with two locations - the main site has a 10-Mb fiber Internet connection, the other a 45-Mb DSL connection. The sites will communicate via a site-to-site IPsec VPN, and remote clients will connect to the primary site using both IPsec and SSL VPN (hopefully). I have a couple questions:
1) Since both of these sites have Ethernet hand-offs, and will not carry Internet routes, can I simply use a Cisco ASA at each (as opposed to an actual router, such as an ISR)? If there's a reason why a real router might still be purposed in this environment, please advise.
2) At the primary site, can a single ASA (sized appropriately) be assigned a single public IP on the outside interface, and handle outbound Internet traffic, the site-to-site VPN, and both types of remote VPN clients? Can one interface/IP be used for all of these things concurrently?
3) Lastly, if the primary site also had a DSL connection to the Internet, could the ASA be configured to automatically fail over to this secondary connection if the primary fiber connection was lost? (Not sure how this could be done without destroying all of the VPN connections.)
Thank you, and links/references are always helpful!