I pulled the "vpc peer-link" command off both port-channels and re-applied it. This fixed the issue, but I'm building the configs now and so this is not in production. Pulling that command might take down the system if it is in production.

I think you have three options here.1) implement as is and use static routes or RIP2) If the t1s are the same carrier, then have your carrier bond the t1s and dont make any changes.3) create two contexts out of the main ASA and setup active/active be...

Sorry, wrong guide. Here is the correct one....http://www.cisco.com/en/US/docs/ios/12_2/12_2y/12_2yx11/feature/guide/ft_vpnha.html')">http://www.cisco.com/en/US/docs/ios/12_2/12_2y/12_2yx11/feature/guide/ft_vpnha.html

You would create HSRP groups on both WAN / LAN sides.Here is a guidehttp://www.cisco.com/en/US/prod/collateral/routers/ps5855/white_paper_c11_472858.html

Worked for me. My QL420 + Zebras are working good so far. My summary:Used DHCP reservation instead of staticchanged radius server timeout to 5 secchanged user idle timeout to 28800ARP to 900 (had problems with 1200)unchecked- "enable session timeout"...