Steelhead w/ ASA network topology




We have a standard serial cluster deployment with multiple links and are making a change to the topology. We are adding Cisco ASA firewalls in an active/standby pair. The Steelhead will be on the outside interface of the ASA. The ASA will use dynamic routing with the WAN routers for path selection. My questions are; 1) any concerns/issues with a single network for the inpath interfaces? 2) limitations issues with the steelhead on the outside of the ASAs?



         |--- ASA(act) --- L0 RB2 W0 --- L0 RB1 W0 --- Router1 ---  |

LAN  |           HA(.24)                                                              | WAN

        | --- ASA(sby) --- L1 RB2 W1 --- L1 RB1 W1 --- Router2 --- |


RB1 inpath_0

RB1 inpath_1

RB2 inpath_0

RB2 inpath_1

ASA outside