I've this design actually:
ASA01 - Connects to ISP01, its LAN IP address is: 192.168.1.1
ASA02 - Connects to ISP02, its LAN IP address is: 192.168.1.2
After them is a Cisco 3750 switch that connects to these two Cisco firewalls.
On all three of the above, I've created OSPF networks.
On the two firewalls, I've created default routes 0.0.0.0 0.0.0.0 with object tracking.
These default routes are distributed via OSPF to the switch also. So the switch itself learns its default route via one of the two Cisco firewalls (the one from ASA01 has the lower metric).
On the Cisco switch, I've created different VLANs, for users, servers etc.
The VLAN where the two ASAs are connected is VLAN 5 with IP address: 192.168.1.3
Actually, on the Cisco switch, I've created a route map so that traffic that originates from the server IP always goes to ISP02. This server IP is 10.1.1.18
The VLAN of the server on the Cisco switch has IP address 10.1.1.3.
The servers have as default gateway the IP address 10.1.1.3 (the VLAN IP).
Now, I have to replace this Cisco 3750 switch with another L3 switch (not Cisco) that supports OSPF, BUT DOESN'T SUPPORT AND DOESN'T HAVE ROUTE MAPS.
With this new switch, I have the problem that the server with IP 10.1.1.18 always uses ASA01 as default route, but I want this server to be routed to ISP02 via ASA02.
What can I do?
I am wondering if it is possible for you to place the server-facing switchport and the ASA02-facing switchport in the same VLAN, then configure ASA02 as the gateway on the server, bypassing the switch's SVI?
The servers are running in virtual machines, and the physical servers are connected only to switches.
I've done this test, and it failed also.
I put the server on VLAN 5 of the ASAs, and put as gateway the ASA02 IP 192.168.1.2.
And the server did not connect to the internet via ASA02, but it used ASA01, as OSPF is running on them.
This change necessitates assigning an IP in the range of 192.168.1.x to the server.
If you got them in the same VLAN with the IP changed also, can you get a resolved ARP entry for 192.168.1.2 at the server?
Yes, I also changed the IP of the server to that range; I put an address of 192.168.1.8.
Also, I pinged both ASA01 and ASA02 successfully, so the ARP entry was correct.
The problem is that ASA02 doesn't forward to ISP02, but forwards the request to ASA01.