For disaster recovery purposes, we have two ASAs. One is at our main corporate office, the other is at an offsite DR facility. I have worked up a VPN configuration for the remote offices that should allow them to automatically fail over to the DR facility if corporate goes offline for some reason. My concern is with the ASA itself. We have OSPF set up on each ASA that advertises the remote office subnets that connect to it. Even if that office is not connected, the ASA still advertises that it can route that subnet.
Is there a way that we can only have the ASA advertise that it can route a subnet if a particular tunnel is up, or do we need to use a manual procedure to fail over the remote endpoints to the DR facility?