Hello,

I had this architecture tested and working well in a lab, but I neglected that our production environment leverages OTV.  This apparently changed the nature of my HSRP configurations, identified in red.  I originally had object-tracking set up on those two routers, but now with the realization that FHRP isolation will not allow advertisement of HSRP hellos between the peers, I am forced to decide if this architecture is still tenable?

The above diagram represents my new thoughts on this connectivity.  To explain, there are two firewalls in a failover pair connected over an OTV vlan, and two point-to-point circuits (WAN 1, WAN 2) where the the four routers in the middle form an EIGRP process.  The red HSRP group was initially going to operate normally, but now I have active/active due to this FHRP isolation.

I cannot find any reason why this would not work.  I also cannot find any common failure scenario where this would introduce significant risk.  This new design may introduce a few more asymmetric routing scenarios than the first iteration, but I don't think that's the end of the world considering a fix for a broken link or down P2P circuit is usually only a few hours out.

Can anyone find fault with this solution?  Please let me know if you need any more information about this setup.  Thanks.

Jeff