Hello Team,
I have a network as attached,
![fmugambi_0-1721641746525.png](https://community.cisco.com/t5/image/serverpage/image-id/223965i5F8AE1377F305162/image-size/medium?v=v2&px=400)
I have a different thread on the community asking for help with the "passive-site", to redistribute the IPsec static routes from the vFTD to the core sw site 2. This is still in progress, as it is still not working as expected: despite the ospf red static command on the vFTD, the core site 2 does not learn the remote IPsec networks.
If we were to unblock this, then my next challenge follows:
Core sw site 2 would know the remote IPsec networks, so how would this operate to avoid asymmetric routing? Traffic comes in from the active site, say to a site b vlan/server, the server responds back, and the traffic gets to core sw site 2. How would this device route the traffic? Via the vFTD on the passive-site, or back via MPLS to the active site FTD and then to the destination?
Is there a way to control this that's more efficient than shutting down interfaces at the passive-site, and unshutting them once the active-site has an issue and you expect to fail over traffic to the passive-site?
Your support, thoughts and ideas on this will be much appreciated.
Thank you.