Failover internet connection - but with a VPN?

Hi,

Here's the situation - we have our main office and then a remote office.  Cisco ASA at both ends.  There is also a VPN tunnel between the two facilities.
We frequently have internet connection issues at the remote office, meaning we lose connection entirely to them.

What would be involved in getting a device that could failover to a second connection, perhaps a DSL connection, automatically.

What makes it complicated (i would think) is the fact there's a VPN tunnel between the facilities.

What would my options be?
Mystical_IceAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SteveNetwork ManagerCommented:
depends on your budget :)

HSRP is a great option, where you run multiple routers and if one link goes down it automatically fails over the second router with the extra connection (DSL)?.. because your ASA is behind your router it would still work, as the destination hasnt changed (if its the originating device).. have a watch of this video to see whether it suits you..

http://www.youtube.com/watch?v=2-EtRgAEHiE&noredirect=1
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
InteraXCommented:
An alternaitve option would be to have the L2L VPN setup as a Network Extension Mode remote access VPN. Then, use SLA monitoring on the remote ASA to determine if the internet connection fails over and change the default route. The VPN would have to be initiated by traffic at the remote end, but the remote users would then be able to connect if the primary link failed.

Review the following for config of the VPN
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ezvpn505.html
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/selected_procedures/asdm5505.html

Review the following for SLA Monitoring.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Broadband

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.