Cisco - Site-to-site IPSEC vpn failover
15 years 7 months ago #31650
by skepticals
Cisco - Site-to-site IPSEC vpn failover was created by skepticals
Does anyone have any experience with site-to-site VPN failover?
I have a router and an ASA at a remote site and a router at the main site.
Could I have one ISP terminate at the remote router and another ISP terminate at the remote ASA but have both of them as VPN peers of the main site's router?
I know this isn't a great deal of info...
15 years 7 months ago #31657
by sys-halt
Replied by sys-halt on topic Re: Cisco - Site-to-site IPSEC vpn failover
Hello skepticals, can you please explain more?
Do you have 3 sites:
Site A: ASA with ISP-1
Site B: Router with ISP-2
Site C: Router with ISP-3
and you want to connect all 3 of them via VPN?
Or do you have 2 sites:
Site A: ASA with ISP-1, Router with ISP-2
Site B: Router with ISP-3
15 years 7 months ago #31722
by skepticals
Replied by skepticals on topic Re: Cisco - Site-to-site IPSEC vpn failover
Sorry about that.
Site A (Main Site): Router
Site B (Remote Site): Router and ASA
Site C (Remote Site): Router and ASA
All remote sites have two ISPs. One connects to the Router and the other to the ASA. There will be a T1 in the router and either DSL/Cable in the ASA.
Is there a way to have a VPN to the main site A, from both B and C... and have it fail over between the remote site connections if one fails? For instance, if the T1 at site B drops, the VPN will work over the backup DSL/Cable connection.
Thanks!
15 years 6 months ago #32184
by Kajitora
itgamers.blogspot.com
Replied by Kajitora on topic Re: Cisco - Site-to-site IPSEC vpn failover
That sounds possible. I would do the following:
Router A:
GRE Tunnel to Router B & C running EIGRP between the three
Router B:
GRE Tunnel to Router A
Two static default routes
ip route 0.0.0.0 0.0.0.0 (ISP Next Hop)
ip route 0.0.0.0 0.0.0.0 (asa) 200 (this will make the first the preferred route)
Router C:
GRE Tunnel to Router A
Two static default routes
ip route 0.0.0.0 0.0.0.0 (ISP Next Hop)
ip route 0.0.0.0 0.0.0.0 (asa) 200 (this will make the first the preferred route)
Then just allow EIGRP to populate the routing tables. GRE is pretty resilient: when configuring the destination you use an IP, and then it just checks the routing table on how to get to that destination, and our default routes will take care of that.
Here is a configuration example:
www.cisco.com/en/US/tech/tk583/tk372/tec...186a008023ce5b.shtml
itgamers.blogspot.com
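An added example (not from the thread or from the linked Cisco document) of the two static default routes described above for Router B, with the primary route tied to an IP SLA probe so that it is withdrawn when the T1 path fails upstream while the serial interface itself stays up. All addresses, the interface name and the probe target are constructed assumptions, and the command syntax varies between IOS releases.

```cisco
! Router B (remote site). Constructed values:
!   198.51.100.1 = ISP next hop on the T1
!   10.2.0.254   = ASA inside address on the LAN
!   192.0.2.10   = probe target beyond the ISP
!
! Pin the probe target to the T1 so the probe always tests the primary
! path, even while the backup default route is in use.
ip route 192.0.2.10 255.255.255.255 198.51.100.1
!
ip sla 1
 icmp-echo 192.0.2.10 source-interface Serial0/0
 timeout 2000
 frequency 10
ip sla schedule 1 life forever start-time now
!
! The track object follows probe reachability; the delays damp flapping.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! Primary default route is installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
! Floating default via the ASA (administrative distance 200), as in the post.
ip route 0.0.0.0 0.0.0.0 10.2.0.254 200
!
! Verify with:
!   show track 1
!   show ip sla statistics 1
!   show ip route 0.0.0.0
```

GRE provides no confidentiality on its own, so the IPsec protection the thread asks about still has to be applied to the tunnel traffic on both the T1 path and the ASA path.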