08-04-2010 09:18 AM - last edited on 03-25-2019 03:30 PM by ciscomoderator
I have a client that is requesting redundant internet connections using 2 7204 routers to 2 ASA 5520 in an active/standby configuration. There is no load balancing requirement; this is strictly for failover. The issue that I am having is that I have to have 1 of their public IP addresses on the LAN side of the 7204 for the ASA connectivity. Because of this, both routers advertise out their public subnet to the respective providers, but the issue is that when the WAN link on the primary router fails and traffic traverses the secondary WAN, the return traffic comes back in the secondary WAN and stops because it sees the link to the ASA as being up even though the ASA is in standby. No matter what route manipulations I do, a directly connected route is always going to be better. Can anyone help with a scenario on how I can get this to work? Below is a rough sketch:
Verizon------Router A (Primary)-----ASA A (Active)--------------Nexus1
                |                     |                           |
                | IBGP                | Keepalive                 | VPC Link
                |                     |                           |
AT&T---------Router B (Backup)------ASA B (Standby)-------------Nexus2