I have two sites with Cisco routers (one a 3825 and the other a 2811), connected via a T1. Each site also has Internet access (through a T1 at the site that has the 3825, and through DSL at the site with the 2811). I have two SonicWALL firewalls that maintain a VPN tunnel across the Internet between the two routers. If the T1 between the two sites goes down, the routers immediately reroute through the VPN and connectivity between the two sites stays up. I've tested this and it works quite well.
Here's my issue: each site accesses the Internet through its own local Internet access point; that is, the site with the 3825 accesses the Internet through its T1 and the site with the 2811 accesses the Internet through its DSL. What I want to do is have the site with the 2811 send all its Internet traffic across the T1 connection to the 3825 and out the 3825's T1 connection to the Internet. Of course, I could just change the 2811's ip route 0.0.0.0 0.0.0.0 to point to the 3825, but if that T1 goes down, I want the 2811 site to revert to going straight out the DSL to the Internet.
To sum up: users at the site with the 2811 should normally access the Internet by going across the 3825 then out, but should be able to access the Internet directly if the primary route is down.
The setup looks like this:
  (Cisco 3825)                                 (Cisco 2811)
       |                                            |
       |                                            |
   (Firewall)                                   (Firewall)
       |                                            |
       |                                            |
(T1 to Internet) ......... VPN ............... (DSL to Internet)
Send 2811's Internet traffic across the T1 to the 3825; if the T1 is down, send it straight to the DSL