
I have a remote office with two active VTI tunnels for redundancy, each tunnel connecting to a different datacenter. EIGRP is running on everything (remote router and both FTD firewalls).
If ISP 1 is down, everything works via ISP 2, meaning I can still ping both server A and server B.
Vice versa, if ISP 2 is down, I can also still ping both server A and server B.
The problem is when both ISPs are UP. When EIGRP does its thing, the routing table on the remote router has both networks for server A & B advertised over tunnel 1. When the remote office tries to ping server B, it does not reply. What happens is that server B does get the request (verified by packet capture), BUT it's sending the response out tunnel 2 (which was not the original source of the request, so it gets dropped by the firewall).
Is there a way to make sure the response goes back the same way the request came in? Alternatively, if there's a way to only enable tunnel 2 on the remote router if tunnel 1 is down, that could be another solution.