Might sound like a basic question.
0. We have 2 ASAs
1. We have set up a site-to-site VPN tunnel between our ASA (Monash) and the external site (BMC).
2. The inside interface is 18.104.22.168/28 on ASA1 and 22.214.171.124/28 on ASA2 (VLAN303)
3. The outside interface is 126.96.36.199/28 on ASA1 and 188.8.131.52 on ASA2 (VLAN302)
4. Our ASAs are configured in routed mode
5. The servers within our network that need to use this tunnel sit one router hop away from the ASA, i.e. the servers are not on a directly attached subnet to the ASA.
6. Due to 5 above, we've set up some host routes on the downstream router (which is one hop from the ASA), to point to the inside interface of our ASA (i.e. 184.108.40.206). Note here I've chosen to use ASA1 for testing.
My question is how do we set up a resilient setup where if ASA1 goes down traffic is routed via ASA2? At the moment because I'm using ASA1 for testing, the static routes on the downstream router which is one hop away point to the inside interface of ASA1. This works well. Also note, the other end points to ASA1 outside IP as a peer.
Hope this makes sense.
Any help would be appreciated.