OK, I answered my own question. Since all the directions seem to presume a simple environment, I realized that what needed to be done was to add a route to the route table for the Azure Firewall, so it knows how to get back to the active unit, and in particular how to get back to the client address pool addresses. The rest of the route table mangling appears unnecessary.
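The route described above, written out as an added example in Terraform (this is not configuration from the original poster or from Cisco): a user-defined route table associated with the AzureFirewallSubnet that sends the ASA VPN client pool to the inside IP of the active ASAv as a VirtualAppliance next hop. The resource group, VNet name, pool prefix 10.200.0.0/24 and inside IP 10.10.2.4 are hypothetical values chosen for the example.

```hcl
# Added example, not configuration from the original thread.
# Assumed (hypothetical) values: a hub resource group and VNet that already
# contain the AzureFirewallSubnet, a VPN client address pool of 10.200.0.0/24
# on the ASA, and an active ASAv whose inside interface is 10.10.2.4.

variable "resource_group_name" { default = "rg-hub" }
variable "location"            { default = "eastus" }
variable "vnet_name"           { default = "vnet-hub" }
variable "vpn_pool_prefix"     { default = "10.200.0.0/24" } # ASA VPN client pool
variable "asa_inside_ip"       { default = "10.10.2.4" }     # inside IP of the ACTIVE ASAv

# The subnet Azure Firewall lives in. Its route table is what decides where the
# firewall sends return traffic for the client pool.
data "azurerm_subnet" "azfw" {
  name                 = "AzureFirewallSubnet"
  virtual_network_name = var.vnet_name
  resource_group_name  = var.resource_group_name
}

# One specific route is enough: the client pool prefix, next hop = the ASA.
# Without it the pool is not a VNet prefix Azure knows about, so the
# firewall has no system route back to those addresses.
resource "azurerm_route_table" "azfw_return" {
  name                = "rt-azfw-return-to-asa"
  location            = var.location
  resource_group_name = var.resource_group_name

  route {
    name                   = "vpn-client-pool-via-active-asa"
    address_prefix         = var.vpn_pool_prefix
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = var.asa_inside_ip
  }
}

resource "azurerm_subnet_route_table_association" "azfw" {
  subnet_id      = data.azurerm_subnet.azfw.id
  route_table_id = azurerm_route_table.azfw_return.id
}
```

Two practical notes. First, the next hop is a single IP, so it only follows the active unit if something rewrites it on failover; a static next hop pinned to the primary's inside IP is exactly the HA-breaking situation the question describes, so the ASAv pair's Azure failover configuration (the route-table and route entries in its cloud failover settings) needs to own this route, or the next hop must be a floating address that moves with the active unit. Second, after applying, confirm with the effective routes of the firewall subnet (for example `az network nic show-effective-route-table` on a NIC in that subnet, or the portal's Effective routes view) that the pool prefix shows up with the VirtualAppliance next hop; if the Azure Firewall subnet also carries a default route, that route and this one must coexist, and the more specific pool prefix wins.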
Having issue routing return traffic from Azure Firewall to ASAv address pool
We have a configuration where the Azure Firewall is our main firewall. All traffic passes through it on its way somewhere else. We have also installed a Cisco ASAv HA solution for a particular VPN need.
Internet -> ASA vpn -> Azure Firewall -> various servers -> and then back again
The routing is working, up to a point. But the return path stops at the Azure Firewall, as if it did not know what to do with it. This can be corrected by adding a route in the Az firewall that points to the inside IP of the primary ASA. But this breaks HA.
The inside interface of the ASA is on a subnet that includes the address pool, so I'm not sure why the firewall cannot determine a path back to it.
And the problem is specifically with regard to the ASA address pool that clients use to get an address. The ASAs have no issues currently getting to where they need to go.
Looking for any hints or ideas on how to make this work. Or something that would provide the same function.