Need a solution for below network

kasulasaiganesh
Level 1

[Attachment: Screenshot (81).png]

The user has ISR8300 routers. They are using p2p connectivity with 5 uplinks, and down the line from the switch to the router an encrypter link and a non-encrypter link have been connected.


Now the challenge is:


Encrypter link traffic should go through the 4 uplinks, and non-encryption link traffic should go through the 1 uplink (VSAT link).
I have already configured OSPF between the routers and defined cost values for the priority of the links. As per the user requirement, the 1st priority is always the radio link and the CUC link; both of these links get their traffic from the encrypter link. The 3rd priority is the VSAT link, but this link should get its traffic from the non-encryption link.


Can anyone please suggest to me what features are needed on the switch and router?


15 Replies

Without redundancy, I think this can be solved by using two OSPF processes.

One for non-encrypted and the other for encrypted traffic.

In such a way that each router learns the prefixes behind the other router only via one OSPF process.

MHM

Hi MHM,

Please suggest what features are required for this.

Thank you

router ospf 100
 network <encrypted subnet>
 network <subnet of link between routers for encrypted traffic>

router ospf 200
 network <non-encrypted subnet>
 network <subnet of link between routers for non-encrypted traffic>

MHM

OK, but how will the switch shift the link from the encryptor to the non-encryptor?

BTW, multiple router processes feed the same router's route table unless you use VRFs.

How is that, if I don't use redistribute?

I am clear in my suggestion: the commands use network, not redistribute.

@kasulasaiganesh also run two OSPF processes in the SW to separate the OSPF DB.

MHM

"How is that, if I don't use redistribute?"

Because it's not a question of copying (redistribution) one router process's routes into another router process, same router, but of how router processes populate the router's route table, same router.

What you're proposing is a variation of what Cisco, years (decades) ago, referred to as ships-in-the-night.

If the issue is unclear, as you do excellent labs, lab it up.

As mentioned in my prior reply, if you also used VRFs, the issue I'm describing shouldn't be an issue, although I'm unsure your approach would work if failover is considered (which OP did not), or things like OP's drawing showing the switches as L2, which might negate your ". . . run also two ospf in SW to separate the ospf db."


Oh, rereading my replies, they may be taken to imply that what @MHM Cisco World suggested cannot work. If so, that's not (necessarily) the case!

All I'm noting is that, by default, the two OSPF router processes will place all their routes into one composite route table, per router. However, although both OSPF processes would be in the route table, what I believe @MHM Cisco World has in mind is that not all remote networks would have the same next hop, which is what OP desires, i.e. different paths.

As I mentioned in my prior reply, handling link/path failures is a possible issue. This was also noted in @MHM Cisco World's initial reply.
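One way to get the separate route tables discussed above (two OSPF processes, each confined to its own VRF on the ISR8300) is VRF-lite. This is an added illustration, not configuration from anyone in the thread: the interface names Gi0/0/0, Gi0/0/1, Gi0/0/2 and the OSPF costs 10/20/30 come from the original post, while the LAN-facing ports Gi0/0/3 and Gi0/0/4, the VRF names and every IP address are made-up placeholders.

```cisco
! Added example (not from the thread). VRF ENC owns the encrypter-side LAN port
! plus the radio and CUC uplinks; VRF CLEAR owns the non-encrypter LAN port plus
! VSAT. Addresses, VRF names and Gi0/0/3-4 are constructed placeholders.
vrf definition ENC
 address-family ipv4
 exit-address-family
vrf definition CLEAR
 address-family ipv4
 exit-address-family
!
! LAN side: one switch link lands in each VRF (vrf forwarding must precede ip address)
interface GigabitEthernet0/0/3
 description to-switch-ENCRYPTER-link
 vrf forwarding ENC
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/0/4
 description to-switch-NON-ENCRYPTED-link
 vrf forwarding CLEAR
 ip address 10.10.2.1 255.255.255.0
!
! WAN side: radio and CUC can only ever carry ENC; VSAT can only ever carry CLEAR
interface GigabitEthernet0/0/0
 description Radio-link
 vrf forwarding ENC
 ip address 172.16.0.1 255.255.255.252
 ip ospf cost 10
!
interface GigabitEthernet0/0/2
 description CUC-link
 vrf forwarding ENC
 ip address 172.16.0.5 255.255.255.252
 ip ospf cost 30
!
interface GigabitEthernet0/0/1
 description VSAT-link
 vrf forwarding CLEAR
 ip address 172.16.0.9 255.255.255.252
 ip ospf cost 20
!
! One OSPF process per VRF: each builds its own RIB, so no composite table
router ospf 100 vrf ENC
 capability vrf-lite
 network 10.10.1.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.0.7 area 0
!
router ospf 200 vrf CLEAR
 capability vrf-lite
 network 10.10.2.0 0.0.0.255 area 0
 network 172.16.0.8 0.0.0.3 area 0
```

With this layout the separation is enforced by the route tables rather than by cost preference: if both the radio and CUC links fail, VRF ENC simply has no route and plaintext of the encrypter-side hosts cannot fall back onto VSAT, while the L2 switch needs no change because each switch link terminates on a port in exactly one VRF. Mirror the same VRFs and processes on the peer ISR8300 so the OSPF adjacencies form inside each VRF.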

rais
Level 7

How does encrypt/non-encrypt traffic get identified? Does Cipher-box support routing? You have SVIs on L2 switch, does it support dynamic routing protocols?

@rais that is just an encryption box and it doesn't know any IP routing; there are just in/out interfaces.

1. See, the first user requirement is that when he tries to send any traffic it should go through the encrypter link; it reaches the router, and the router will forward the traffic based on the 1st priority (Radio Link).

2. Second, the priority for each uplink is configured manually on the interfaces.

! Radio link
interface gi0/0/0
 ip ospf cost 10

! VSAT link
interface gi0/0/1
 ip ospf cost 20

! CUC link
interface gi0/0/2
 ip ospf cost 30

I observed that failover is working; up to now it is OK.

But the problem is that the user does not want to send encrypted traffic through the VSAT link. My question is, when we lose the connection from the primary link (radio link), how does the switch side shift the link from the encrypter to the non-encryptor link?

At the switch I configured IP SLA.

Please help me.

Thank you


rais
Level 7

By encrypted link you seem to mean Ge1/0/0? Is it possible to bundle g1/0/0 & 3 in a LAG with max-bundle 1 and a higher port priority for g1/0/0? Can 1/0/1 be disabled in this case?

@rais No, I have not configured a LAG here.

I used IP SLA for both links. See, that is all I'm asking: traffic for all uplinks except the 1 VSAT link should go through the encryptor, and from the encrypter to the router and the desired uplink, that means (Radio, CUC, E1, fiber).

And non-encryption traffic should go through the non-encryption link, the router and the VSAT link.

I manually configured the cost value for each link. The user preference is the radio link & CUC link as primary and secondary (both should get traffic from the encrypter). If these two links fail, then the user's next preference is the VSAT link (non-encryption traffic should come).

This part is OK. The link is shifting from radio to CUC and from CUC to VSAT. I also got the neighbour formed between the two OSPF routers.

But here my problem is on the switch side: how does the IP SLA shift the link from primary to secondary when the VSAT link has been formed?

Cisco TAC is suggesting PBR; is it right?

rais
Level 7

If VSAT is to be dedicated to non-encrypted traffic, then a VRF on each 8300 can be created. Not sure if your switch supports PBR. If it does, simply PBR the non-encrypted traffic into the VRF.

@rais Yes, I have tried VRF and PBR. As per the above scenario, PBR is not working.

Today I tried with ACLs and it's working now: from the encrypter to the router uplinks (Radio, E1&T1, CUC), and from non-encryption to the router (VSAT link), both working.

Thanks everyone for your support.
