Hi,

Looking for some guidance on our setup. I am looking to establish pure ISP failover without having to take action on my / my team's side. Presently when there is an outage, we need to do manual intervention to get connectivity back up.

Here is an overview of our network, internet facing:

ISP A (/30) -> Cisco ASR Router 1 (I control) (/24 ASN eBGP established to ISP A) WAN Interface -> ASR Router (LAN Interface - Public IP in same /24) -> DMZ Switch Stack (VLAN 5 - WAN Facing)

ISP B (/30) -> Cisco ASR Router 2 (I control) (/24 ASN eBGP established to ISP B) WAN Interface -> ASR Router (LAN Interface - Public IP in same /24) -> DMZ Switch Stack (VLAN 5 - WAN Facing)

ISP A = 1Gb
ISP B = 500Mb

Cisco Router 1 - No prepend, default route to ISP carrier
Cisco Router 2 - Prepend, default route to ISP carrier + ip route x.x.x.x /24 null0 *** (I have found if I take away the prepend and null0 loopback, packets going out cannot route back in)

PA 3020 x2 (Active/Passive) (E1/1) -> DMZ Switch Stack (VLAN 5)
E1/1 - WAN IP in the same /24 block above
NAT from the PA is dynamic-ip-and-port with the E1/1 Interface IP from untrust to trust zone
No PBF but x1 VR in default route, with traffic going to Cisco Router 1 LAN IP for next hop - I have tried putting in route monitoring in the VR default route to the Cisco Router 2 LAN IP, removing the prepend on Cisco Router 2 and the null route, and internet stops working from behind the PA.

When ISP A goes down, we need to remove the prepend and remove the null route, change the route manually on PA and clear NAT sessions. Not ideal ...

Can anyone offer any suggestions or thoughts on how to improve the setup? Changing setup, connections, hardware, etc. is all open and fine.
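The Router 2 side of the setup described above, written out as an added IOS-XE configuration example. This is not the poster's actual configuration: the ASNs (65001 for the site, 65002 for ISP B), the 203.0.113.0/24 prefix and the 198.51.100.1 peer address are placeholders, and the use of a `network` statement (rather than redistribution) to originate the /24 is an assumption.

```cisco
! Added example, assumed IOS-XE syntax; all ASNs and addresses are placeholders.
!
! The "null0" route from the post. BGP's network statement only advertises
! 203.0.113.0/24 while an exact-match route for it exists in the RIB; the
! static to Null0 provides that route. Removing it withdraws the /24 from
! ISP B, so outbound traffic still leaves but nothing can route back in,
! which matches the behaviour described in the post.
ip route 203.0.113.0 255.255.255.0 Null0
!
! Default route toward the ISP B /30 peer (placeholder next hop).
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
router bgp 65001
 bgp log-neighbor-changes
 ! Originate the site /24 (assumption: network statement, not redistribute).
 network 203.0.113.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 65002
 neighbor 198.51.100.1 description ISP-B
 ! Apply the prepend on everything advertised to ISP B.
 neighbor 198.51.100.1 route-map ISP-B-OUT out
!
! Prepend the site ASN so the ISP B path looks longer than the ISP A path
! and inbound traffic prefers ISP A while it is up.
route-map ISP-B-OUT permit 10
 set as-path prepend 65001 65001 65001
```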