Hello mis.network,
>> My private subnets like 192.168.XX.XX/24 & 10.64.XX.XX/24, traffic for those subnets goes via IPSEC & it has to go over ISP-1 only
According to your network diagram you have internal devices in the LAN, those devices should use specific static routes or PBR to send intranet traffic directly to the IP address of the router connected to ISP1.
A default route pointing to the IP address of the second router that connects to ISP2 should make internet traffic to go to ISP2.
This however does not provide redundancy in case of failure of ISP1 link or R1 router or in case of failure of ISP2 link/R2 what you would like to do?
To provide failover you should use two different HSRP groups one where the active router is R1 with its VIP address to be used as next-hop for specific routes / or PBR (Policy Based Routing) the other HSRP group VIP2 would provide the next-hop for the default route (you need also NAT configuration ) with R2 being the active router for HSRP VIP2.
You should track the status of each WAN link on each group.
Note: all these configurations should be done on internal devices before packets enter one of the border routers, otherwise you cannot achieve the desired results because there is an order in processing so in your attempt the static routes from R2 to R1 may be ineffective because packets are processed by IPSEC VPN on R2 before attempting to route them.
This is the reason for moving the decision to internal devices that do not perform NAT or IPSEC.
Hope to help
Giuseppe
