Any ideas for a VPN failover or Fault tolerant VPNs?

[FoneFun]

We've been banging our heads on this one and have not come up with any working solution so I figured I'd post it here.

We've got a VPN over the internet that connects Site A to Site B. As a backup, each site got a 2nd internet connection, and we've confirmed that from Site A's 2nd connection to Site B's 2nd connection, it takes a totally different path on the internet.

Our main VPN device is a PIX on each end.
As the 2nd VPN device, we're using Cisco 800 or 1600 on each end.

The only thing we could figure to do to make this work requires that we manually make route changes on both side's default routers.

So normally, when the main VPN is up, Site A's router send all traffice destined to Site B to Site A's PIX, and Site B does the same.

When the main internet connection is down (and hence the main VPN), we need to change route statements on both end to send traffice to the backup VPN.

Does anyone know how to do something like this through Cisco IOS so that it automatically does this? Or should I start looking at fault tolerant VPN hardware?

 

[computerhighguy]

BGP. BGP would be the best way to handle this. Running BGP can be a problem. Lots of ISps do not like to help you run BGP. Some ISPs do not advertise BGP routes that are more specific than a /17. I have a /24 that my ISPs are willing to advertise. The IP structure is actually owned by ISP A and they are letting me "rent" the IP addresses from them. Saving me some time with ARRIN. So basically I am sharing one /24 between my two ISPs (1 T-1 to ISP B and 2 T-1s to ISP A).