Using BGP as an Alternate Path to a failed Circuit's Subnet

Dean Romanelli
Level 4

Hi All,

I have an international hub-and-spoke VPN-based network consisting of 164 branches and a data center with two ISP circuits in the US. Presently I have no automated redundancy. The two ISP circuits live on different firewalls, but connect to the same 6509 core switch. The way I have it set up presently is all of North, Central and South America VPN into ISP #1 connected to firewall #1, and all of EMEA/APAC VPN into ISP #2 connected to firewall #2. The 6509 core switch then has static routes to the subnets of the branches, pointing to whichever firewall the VPN is built on for a given branch. The firewalls then have the mandatory default route out to each respective public gateway. The downside to this, of course, is that if one of the ISPs goes down, half of my sites go with it, because there is no automatic redundancy to fail the sites over, since all of this is static.

My VP came to me this morning. He wants to use BGP to fix this, but the way he understands it working is not a way that I've ever understood BGP to work. His understanding is that you can have one firewall, with both ISP lines connected into it, and set up a trust between ISP 1 and ISP 2 and eBGP peer to both of them from your ASN to their ASN. Then, when ISP 1 fails, ISP 2 will take over in such a way that is NOT traditional active/standby circuit failover, but rather that ISP 2 will provide the transport routing via its own transport path back to ISP 1's IP subnet, even though ISP 1 has failed.

The end result would be that although ISP #1 is unreachable over its own ISP's transport infrastructure for whatever outage-related reason, BGP would change paths to provide connectivity to ISP 1's subnet, but over my ISP 2's transport infrastructure, and that would mean that all of the branch ASAs' static IPsec VPN configs (peer IP address) would never need to change to ISP 2's address when ISP 1 is technically down. Has anyone ever heard of this?

1 Accepted Solution

Jon Marshall
Hall of Fame

To answer your specific question, I think the VP is just talking about advertising ISP1's address range to ISP2 so if ISP1 goes down traffic can route to you via ISP2, although bear in mind ISPs are not always willing to do this.

The whole thing is a lot easier if you own the addressing yourself so you can then advertise the same IPs to both ISPs. 

By the way, putting both ISPs onto the same firewall creates a single point of failure.

Jon

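An IOS-style sketch of the arrangement Jon describes, added here as an example (it is not from the thread or from any poster's equipment): one dual-homed edge router in its own AS advertises the same provider-independent block, which the VPN hub addresses live in, to both ISPs, so a branch's IPsec peer address stays valid when either circuit fails. AS numbers and addresses are documentation placeholders, and the outbound filter is the part a defender should not skip: without it a dual-homed router can leak one ISP's routes to the other and become an accidental transit path.

```cisco
! Added example, not from the thread. Placeholder values:
!   our AS 64496, our PI block 203.0.113.0/24 (VPN hub addresses live here)
!   ISP1 = AS 64501 at 192.0.2.1, ISP2 = AS 64502 at 198.51.100.1
!
! Announce only our own block to each ISP. Without this filter the router
! can re-advertise ISP1's routes to ISP2 (and vice versa) and become transit.
ip prefix-list OUR-PI seq 5 permit 203.0.113.0/24
!
! Accept only a default route from each ISP: a stub site needs no full table
! to fail over, and this keeps a mis-sent full feed from filling the RIB.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map TO-ISP permit 10
 match ip address prefix-list OUR-PI
!
route-map FROM-ISP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
router bgp 64496
 bgp log-neighbor-changes
 ! The same /24 goes to both ISPs; when ISP1's session drops, ISP1 withdraws
 ! the prefix and the rest of the Internet converges onto the ISP2 path.
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description ISP1
 neighbor 192.0.2.1 route-map TO-ISP out
 neighbor 192.0.2.1 route-map FROM-ISP in
 neighbor 192.0.2.1 maximum-prefix 10
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 description ISP2
 neighbor 198.51.100.1 route-map TO-ISP out
 neighbor 198.51.100.1 route-map FROM-ISP in
 neighbor 198.51.100.1 maximum-prefix 10
!
! The network statement only advertises a prefix that is in the RIB; a
! high-distance discard route keeps it anchored if an interface route flaps.
ip route 203.0.113.0 255.255.255.0 Null0 250
```

As Jon notes, this only works with addressing you own and that both ISPs agree to accept; advertising one ISP's assigned range to the other is at the ISPs' discretion.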

4 Replies

Hi Dean,

I have a couple of questions:

1) Is your VPN DMVPN? If yes, would you consider configuring multiple hubs on each spoke?

2) Do you have your own public IP address block? If yes, how do you advertise your public IP address block to each ISP?

HTH,

Meheretab

Deepak Kumar
VIP Alumni

Hi,

I hope you are using DMVPN for your site connectivity. Then you can configure a dual-hub, dual-cloud DMVPN design; here is the guide: https://networklessons.com/uncategorized/dmvpn-dual-hub-dual-cloud

Here is a video explaining BGP design: https://www.youtube.com/watch?v=kCVMkMym9MY

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment helps you!

Thank you, Jon. This is correct.
