I have an interesting scenario and can't work out how to solve my problem.
We have multiple sites. Each site has two P2P links back to different data centres, and in turn the data centres are connected via P2P links. OSPF runs across the network to provide redundant routing, so there is no single point of failure. Two of the data centres have Internet breakout via Fortigate firewalls. These participate in OSPF and advertise weighted default routes to the rest of the network. This all works well.
The problem I have relates to one site which connects in via an IPsec tunnel (from an ASA to the Fortigate in the Primary DC). I need to set things up so that if the firewall in the Primary DC goes down for whatever reason, the ASA at the remote site initiates a VPN connection to the firewall in the Secondary DC.
From what I have found online, if we had ASAs at both ends I could make use of the Backup LAN-to-LAN feature. If we had IOS routers (or at least an IOS router at the remote site rather than an ASA), I could use the IPsec Preferred Peer option.
Does anyone know how I can achieve what I need with the hardware currently in place? If I need to replace hardware, then swapping out the ASA at the remote site for a Fortigate will likely be the easiest and most cost-effective route to take.
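For reference, the ASA "Backup LAN-to-LAN" feature the question mentions is just an ordered peer list on a crypto map entry, combined with dead peer detection so the ASA notices the first peer has gone away. The configuration below is an added illustration of that feature and is not from the post; the interface name, object names, address ranges, the two peer addresses (203.0.113.10 for the Primary DC Fortigate, 198.51.100.10 for the Secondary DC Fortigate) and the pre-shared-key placeholders are all assumptions. The post does not say whether the Fortigate end accepts a tunnel built this way, so that is the part to verify in a lab before relying on it.

```text
! Added example, not from the post: ASA crypto map with an ordered peer list.
! Peer addresses, names, ranges and PSK placeholders are assumptions.
! 203.0.113.10 = Fortigate, Primary DC; 198.51.100.10 = Fortigate, Secondary DC.

crypto ikev1 enable outside

crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400

crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Interesting traffic: remote-site LAN to the corporate ranges (assumed).
access-list VPN_TO_DC extended permit ip 192.168.50.0 255.255.255.0 10.0.0.0 255.0.0.0

! One tunnel-group per peer, each with its own PSK and DPD timers.
! DPD (isakmp keepalive) is what lets the ASA declare the primary peer dead.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key <PSK-primary>
 isakmp keepalive threshold 10 retry 2

tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <PSK-secondary>
 isakmp keepalive threshold 10 retry 2

! The peer list is ordered: the ASA negotiates with the first peer and only
! moves to the next when the first does not respond or DPD marks it dead.
! A multi-peer entry must be originate-only (the ASA always initiates).
crypto map OUTSIDE_MAP 10 match address VPN_TO_DC
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10 198.51.100.10
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 10 set connection-type originate-only
crypto map OUTSIDE_MAP interface outside

! To see which peer the tunnel is currently built to:
!   show crypto ikev1 sa
!   show crypto ipsec sa peer 203.0.113.10
```

Two operational points worth knowing before testing this: the ASA does not preempt back to the first peer on its own, so once it has failed over it stays on the Secondary DC firewall until that tunnel drops; and both Fortigates need a phase 2 selector that matches the same networks as VPN_TO_DC, otherwise the fallback negotiation will fail for a reason unrelated to the peer list.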