I am looking for some advice on a new network design and implementation. We are looking to implement two Cisco ASA 5545X's as well as a core layer, server layer and access layer on the network. The core layer will be made up of two Cisco 3945E devices, the server stack of 2 x WSC3650-48 switches (from which the WiFi, PBX and Servers hang off) with the access layer being made up of 2 stacks of 3 x WSC3650-48 on two different floors.
My question is, we have two different ISP's who will be providing two separate circuits, with the ASA's in Active/Active mode where will the users VPN's terminate? I don't see any routers detailed in the diagram which sit outside the ASA's. Is this a normal configuration to have the routers sit inside the network? I believe if you setup ASA's in HA mode with them being Active/Active they can't provide VPN services?
I'm a little confused with it all. Could anyone advise? This solution has been recommended by two different Cisco partners, so presuming this will work but what are the disadvantages, if any? Thanks