I am working on a configuration for a client and have run into a problem. The customer will have two ISP's connecting to their network.
I need to be able to setup client VPN access on either ISP connection. TAC has given me answers that I can and cant to it;
The scenario I am working on is that most of the time, any remote access will occur over ISP1. Only if there is a failure of the ISP1 connection would the users revert to using ISP2. I tried configuring anyconnect to operate over both connections but couldnt get it to work. If I have the configuration set to use only a single interface on the ASA, everything works just fine over each interface when I try just ISP1 or ISP2. If I try to enable the configurarion over both ISP connections, I cant establish a VPN connection over either connection.
Since I am using a self signed cert (at least for now), I thought that having a single cert might be causing the problem. I created a second cert for the ISP2 connection but still ran into the problem.
Since TAC intially said that I couldnt do this with Anyconnect, I thought that if I tried Anyconnect on ISP1 and IPSEC on ISP2, that I might just be able to get to work but no joy.
I find it hard to believe that it isnt possible to have more than one single public interface setup to handle client vpn connections. Has anyone else tried this and been able to get it to work ?
My apologies I should have clarified a bit more. I am doing this on 2 firewalls but the firewalls are in HA configuration so we have total of 4 physical firewalls. I'm very curious about what you are trying to do going to do some research and see if I find something.