Is this possible?

Unanswered Question
Apr 28th, 2009

Here is the scenario.

ASA (1 link connects to ISP1; 1 link is 192.168.1.1)

PIX (1 link to separate ISP2; 1 link is 192.168.1.2)

Router (link 1 is 192.168.1.254)

6509 Switch (connects all ports)

There are 1-to-1 translations on the PIX and ASA for public-to-private mappings. Let's say the ASA takes IP address 1.1.1.100 and translates it to 192.168.1.100. The PIX translates 2.2.2.100 to 192.168.1.100... there will be 2 public DNS A records as the cutover starts. So 192.168.1.100 will need to be available from both ISPs at the same time.

The problem: A packet will come in, will get translated, and will go to 192.168.1.100 (from the PIX or ASA). From there 192.168.1.100 will get the packet and will send the traffic to its default gateway (the router, 192.168.1.254). The router has a default route to the PIX. So traffic coming in from the PIX will go back out the PIX. Traffic coming in the ASA will also go back out the PIX, thus killing the connection. So how can I solve this with the devices at hand? What I came up with was this:

1.) Set the PREC value to 5 coming INTO the switch from the ASA

2.) Reflexive ACL matching PREC 5 on the port going to the server, OUTBOUND

3.) Set PREC 5 coming IN to the switch from the server (192.168.1.100), using the reflexive ACL to match traffic going back out

4.) Policy route based on PREC 5 on the router.

The problem is the ACL in step 2 cannot be applied outbound on a switchport. The option doesn't exist. So I thought of using a VACL, but there are only action permit or action forward, so I am not sure if the reflexive ACL will work for that.

Any ideas? I hope I explained it well enough.

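For readers following the thread, here is what steps 1 and 4 of the proposed design look like as Cisco IOS configuration. This is an added illustration written for this page, not configuration from the original poster or from Cisco; interface names, ACL and route-map names, and the assumption that the 6509 runs IOS with QoS marking enabled are all invented for the example. It shows the marking on the switch port facing the ASA and the policy route on the router that sends precedence-5 traffic from the server back to the ASA (192.168.1.1) instead of following the default route to the PIX.

```cisco
! ---- 6509 switch: step 1, mark traffic arriving from the ASA ----
! Assumption: QoS is enabled so that the set action takes effect.
mls qos
!
! Match everything entering from the ASA's inside link (192.168.1.1).
ip access-list extended FROM-ASA-ACL
 permit ip any any
!
class-map match-all FROM-ASA
 match access-group name FROM-ASA-ACL
!
policy-map MARK-ASA-TRAFFIC
 class FROM-ASA
  set ip precedence 5
!
interface GigabitEthernet1/1
 description Link to ASA inside interface (192.168.1.1) - hypothetical port
 service-policy input MARK-ASA-TRAFFIC

! ---- Router 192.168.1.254: step 4, policy route marked return traffic ----
! Only packets sourced by the server and carrying precedence 5 ("critical")
! are steered to the ASA; everything else still follows the default route
! to the PIX (192.168.1.2).
ip access-list extended RETURN-VIA-ASA-ACL
 permit ip host 192.168.1.100 any precedence critical
!
route-map RETURN-VIA-ASA permit 10
 match ip address RETURN-VIA-ASA-ACL
 set ip next-hop 192.168.1.1
!
interface FastEthernet0/0
 description Inside segment - hypothetical port
 ip address 192.168.1.254 255.255.255.0
 ip policy route-map RETURN-VIA-ASA
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2
```

The policy route in the second half only helps if the server's replies actually carry precedence 5 when they reach the router, which is exactly the part (steps 2 and 3) the post finds no way to apply on a switchport: the server itself will not preserve the mark from the inbound request, and a reflexive ACL permits or denies traffic rather than re-marking it. Useful checks while testing are `show route-map RETURN-VIA-ASA` on the router (the policy-routing match counter should increase for connections that came in through the ASA) and a packet capture on the ASA inside interface to confirm that replies return through it rather than through the PIX.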