In article , Brian P. wrote: :I'm trying to create a backup line for our wireless connection.
:When I'm testing, it works when I disconnect the wireless connection. :But when connect the wireless connection again, the traffic continue :through the VPN tunnel.
:How do I configure, the equipment, so it only use the VPN tunnel, :when the wireless connection are down
You need the left-hand side to be reconfigured the same way as the right-hand side. In particular, you need the PIX 515 to be between the gateway router and the network, so that the packets never reach the PIX when the routers agree that the wireless link is working.
There is no way to get PIX with 6.x software to detect that a link is up or down and change their routing in response, and there is no way at present to get a PIX 501 to accept packets directed to it and have it redirect them back into the same interface. [The PIX 515 could in theory be upgraded to PIX 7.0 that can do that in some circumstances that aren't useful to you in this topology.]
So, you need something else (the routers) to cut the PIX out of the link when they detect that the wireless link is functional. They could do that by having a "floating static route" to the PIX and having a dynamic route with a higher priority that is read off through the wireless link. When the routing updates are no longer being received through the wireless link, the routers would delete the dynamic route, and then would see that the route with the highest priority remaining goes through the PIX and would start routing that way.
For more information about these kinds of setups, I suggest that you see Vincent C. Jones' web site -- and consider supporting him by buying his book on High Availability Networking, which explores a number of different ways of handling these situations, each with their own trade-offs.