I am trying to figure out the best way to set this up on an ASA (9.6).
We want 10.0.1.0 to go out ISP1 unless it fails, then choose ISP2.
We want 10.0.2.0 to go out ISP2 unless it fails, then choose ISP1.
(This is for simplicity; there are several networks.)
Would this be the way? (SLA for tracking not shown, but working.)
object network obj_10.0.1.0_PRIMARY
 subnet 10.0.1.0 255.255.255.0
 description OFFICE_SUBNET
!
object network obj_10.0.2.0_PRIMARY
 subnet 10.0.2.0 255.255.255.0
 description VOICE_SUBNET
!
object network obj_10.0.1.0_SECONDARY
 subnet 10.0.1.0 255.255.255.0
 description OFFICE_SUBNET
!
object network obj_10.0.2.0_SECONDARY
 subnet 10.0.2.0 255.255.255.0
 description VOICE_SUBNET
!
route-map PRIORITY_ISP2 permit 20
 match ip address priority-ISP2
 set ip next-hop verify-availability [ISP2 IP] 1 track 1
 set ip next-hop verify-availability [ISP1 IP] 2 track 2
!
access-list priority-ISP2 extended permit ip object obj_10.0.1.0 any
access-list priority-ISP2 extended permit ip object obj_10.0.2.0 any
!
route outside 0.0.0.0 0.0.0.0 [ISP1 IP] 1 track 1
route isp3-outside 0.0.0.0 0.0.0.0 [ISP2 IP] 60 track 2
!
object-group network ISP1Primary
 network-object object obj_10.0.1.0_PRIMARY
 network-object object obj_10.0.2.0_SECONDARY
nat (any,ISP1) after-auto source dynamic ISP1Primary interface
!
object-group network ISP2Primary
 network-object object obj_10.0.2.0_PRIMARY
 network-object object obj_10.0.1.0_SECONDARY
nat (any,ISP2) after-auto source dynamic ISP2Primary interface