I have two ASAs in an active/active, multiple-context, routed-mode setup.
The inside interface for each ASA is split into 4 subinterfaces corresponding to the 4 contexts and each subinterface has an IP.
The end users are not connected directly to the ASA but are two routers downstream (ASA -> core (Layer 3) -> distribution (Layer 3) -> access (end user)).
All traffic whose destination is internal to the campus network is routed internally, either via VRRP at the distribution switches or via a routing protocol (OSPF) between the distribution switches and core switches.
My question is:
When traffic is destined outside the campus network (to the internet, for example, through the ASA), what should the default route be on the distribution routers and core routers, given that the inside interface for the ASA has 4 different IP addresses corresponding to 4 subnets?
Yes, you need to policy route based on source IP to the specific ASA context. This is how I solve this problem.
How are you going to make routing decision for users on the core?
You might have to use policy routing on the core for routing to contexts on the ASA based on the source of the traffic.
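
The source-based policy routing suggested in the replies above, as an added example that is not from any poster in the thread: a Cisco IOS configuration sketch for the core switch. Every subnet, next-hop address, ACL name, route-map name and the interface are constructed assumptions (campus assumed to be 10.0.0.0/8, one user range per context). Each ACL first excludes campus destinations, so internal traffic is not policy-routed and still follows OSPF.

```cisco
! Constructed example: all addresses, names and the interface are assumptions.
! One ACL per ASA context. The deny line keeps campus-internal destinations
! out of policy routing; the permit line selects that context's user range.
ip access-list extended PBR-CTX-A
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip 10.10.0.0 0.0.255.255 any
ip access-list extended PBR-CTX-B
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip 10.20.0.0 0.0.255.255 any
ip access-list extended PBR-CTX-C
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip 10.30.0.0 0.0.255.255 any
ip access-list extended PBR-CTX-D
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip 10.40.0.0 0.0.255.255 any
!
! One route-map sequence per context. The next hop is the inside
! subinterface IP of the ASA context that owns the source range.
route-map TO-ASA-CONTEXT permit 10
 match ip address PBR-CTX-A
 set ip next-hop 10.255.1.1
route-map TO-ASA-CONTEXT permit 20
 match ip address PBR-CTX-B
 set ip next-hop 10.255.2.1
route-map TO-ASA-CONTEXT permit 30
 match ip address PBR-CTX-C
 set ip next-hop 10.255.3.1
route-map TO-ASA-CONTEXT permit 40
 match ip address PBR-CTX-D
 set ip next-hop 10.255.4.1
!
! Apply on the core interface where traffic from the distribution layer
! arrives (hypothetical interface). Packets matching no sequence fall back
! to the normal routing table.
interface Vlan100
 ip policy route-map TO-ASA-CONTEXT
```

`show route-map TO-ASA-CONTEXT` displays per-sequence match counters, which confirms that each source range is reaching its intended context.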