The thing is that both firewalls needs to sit behind the same subnet so the failover can be 100 % successful ( all the interfaces being monitored on the right way) as you said you will need a router and then do PBR on SLA on the router.
Concerning to the ASA I do not see a way to make this work on an active/standby failover as they need to be on the right same subnet.
Looking for some Networking Assistance?
Contact me directly at firstname.lastname@example.org
I will fix your problem ASAP.
Julio Carvajal Segura
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...