
Dual ASAs running RIP with LAN switch, PBR and Dual ISPs

Devinder Sharma
Level 1

Hello All,

I am trying to engineer a solution that will use two ASAs, each terminating a different ISP, and I need a single user VLAN to use one ISP and all others to use the second ISP. The inside network is HP ProCurve and supports PBR, so I can implement next hop on a per-VLAN basis. In this scenario, both ASAs will be active (they will not be in failover mode; they are currently set up as active / failover with both connecting to the same ISP via an external switch).

Since the ProCurve switch is not licensed for OSPF but does allow RIP, I was thinking of running RIPv2 between the two firewalls and the internal switch. I also need to track the health of the ISP circuits via SLA Monitor, and was planning on having the ASAs advertise a default route with different metrics and with a route map. Is it possible for me to influence the advertisement of the default route by the SLA monitor tracking, so that if an ISP fails, the default route is withdrawn and the second firewall, which is advertising a higher-metric default, becomes preferred by the LAN switch?

I have done this with Juniper and Fortigate firewalls (one each) running OSPF with HP ProCurve switches; ISP tracking and hardware failover for both firewalls are all covered and work great, but I have never implemented IP SLA / SLA monitor for a two-ASA, two-ISP scenario that also needs PBR.

I do notice that I can do default information originate for RIP with the Route-map keyword, but I cannot figure out the required code for a route map that tracks the status of the ISP object and thus triggers withdrawal of the default route advertisement by the associated ASA.

I would appreciate any advice on this, please.

Thanks

Devinder Sharma
