I have tried to test this in my testing environment with no luck. My goal is to have a network comprised of a main office router, Router-A (2621), and a remote office with Router-B (837-adsl) and a Pix in between the internal network and Router-B. In addition, at the remote office there is a Pix with a cable router in front. The Pix has a routable network on it. Internal to the remote office is a 2611 used as the gateway internally.
I have an IPsec VPN set up between Router-A and Router-B, and an IPsec VPN between Router-A and the Pix behind the cable router. The primary gateway from the internal network is the Pix behind Router-B. They both work redundantly: if the 837-dsl is down, the gateway on the internal router can be pointed at that and everything flows. This takes a manual change to the routing on the internal router to get it to point to the Pix behind the cable router, which is not ideal. Ultimately I would like the Pix firewalls to pass the correct routes to the internal to determine what path to take. I have loopback networks traversing the IPsec on the routers. I tried to create a tunnel and use the loopback as source and destination for GRE. I tried OSPF; I had the routes on the internal network for a moment, only to see the tunnel go down and complain that it was recursive routes. Anyone got a helpful solution to this?
The layout for path one (this is the primary path for the internal network back to ROUTER-A):

ROUTER-A (2621)
||
ipsec
||
ipsec
ROUTER-B (837)
||
||
PIX (506E)
||
||
INTERNAL (2611)
===============================
The layout for path two:

ROUTER-A (2621)
||
ipsec
||
ipsec
PIX (506E)
||
||
INTERNAL (2611)