I have the following topology (attached), and I've got a question about the routing. If I have a static NAT statement pointing to a DNS server on the DMZ, the routing table will show that it's a connected route. Can I use a floating static to accomplish routing to the DR side if the primary DNS ever fails? Would I need more than one static translation, and how would the ASA know that the DNS server is down anyway? Am I going to need to introduce a router between the ASA and DNS server, and then have my routes configured on the router instead?
Is there another way to handle failover DNS on different subnets in the ASA?