We have an ASA here with two ISP links running directly to it. The ASA provides LAN-to-LAN VPN tunnel services between us and our partner company. The partner company has two separate sites, which we will call Site A and Site B.
Our ASA's primary ISP interface has a VPN tunnel connected to Site A. The secondary ISP interface has a VPN tunnel connected to Site B. Therefore, as long as our primary ISP is up and Site A's ISP is up, all traffic will flow over this tunnel, as we have a static route that says all traffic to the remote site goes out the primary ISP interface. We have another static route with a higher cost for the secondary ISP interface.
What we need to incorporate is some form of redundancy where if the tunnel goes down, we start to route all traffic over the Site B tunnel. The trouble is, I know we can track static routes and things for IP connectivity, but can we track tunnel status or something else?
My concern is that if IP connectivity to Site A is fine but, for whatever reason, the tunnel goes down, the ASA has no way of knowing this and will just keep trying to send traffic this way.
I hope this makes sense, and I look forward to hearing some recommendations! Thanks in advance.