
Site2Site DR setup with ASA

Question asked by Upraj Singh on Sep 3, 2018

Failover DR-related question.

We have established Site2Site VPN connectivity between ASA and Check Point, as in the pic (Firewall 1 and Firewall 2).

We want to have a DR tunnel Site2Site VPN (Firewall 1 and Firewall 3).

The problem is that Site 2 and Site 3 have a layer 2 auto failover using NSX VMware technology, and the encryption domain is the same for these tunnels.


What is the best way to achieve this auto failover in case the Firewall 2 site is destroyed?

Layer 2 failover will only happen if Firewall 2 is unresponsive, or in case of a disaster, meaning the failover of the Layer 2 IPs will happen to Firewall 3. Can I achieve this with the same encryption domain IPs? And will the ASA be smart enough, or will a change be needed there as well? Open to ideas if someone has worked in a situation like this or if there is an SK which can guide me.