redundant VPN solution

Hi All,

I am wondering if anyone could help me with my VPN problem:

Given 2 routers, one main office, one a satellite office and they are connected through an SDSL and an ADSL line. SDSL is used explicitly for VPN between the 2 sites, while ADSL is used for everything else (internet traffic).

So it looks like this:

[]========[]

So far it is a piece of cake.

However, what my manager would like is to make the VPN connection redundant by bringing another VPN up on the ADSL line in case the one on the SDSL went down. I was thinking about HSRP, but given that there is only one router per site, I do not think it is an option.

What i have been thiking about was to use GRE tunnels over IPsec so that we can use routing protocols. This would enable us to track the lines, but I am still not sure how the redundant ADSL VPN would come up in case the VPN on the SDSL line would go down. Should I use interface tracking with default routes (using different admin distances)?

I am totally confused...and would really appreciate if someone could help me.

Thanks in advance,

attish

ps: if i have forgotten to mention any important details, please let me know

I just did a similar vpn connection like what you have, both sites only have 1 router.

What you needs is to create 2 second crypto map on top of the first one, and create another static route with higher administrative distance so that the first link go down, the second link will be up.