I have a remote location that connects through Sprint to my central site (NYC)via a Sprint directed VPN called a half-tunnel. I recently had a new circuit installed at the remote location for redundancy which points to the Internet and I have set an IPSec site-to-site VPN from my PIX in NYC to the remote location. I configured the Sprint facing router with an alternate default gateway to point to the redundant circuit. When I fail the Sprint facing circuit the Internet traffic continues to work through the other circuit, I transmit pings to create interesting traffic and the site-to-site VPN comes up. But the return traffic doesn't seem to find it's reurn path. The NYC PIX is connected to the Sprint VPN via an IPSec VPN. Can I set NYC PIX to direct the traffic to an alternate VPN if a failure occurs. We will be migrating to full MPLS soon, but I wanted to make this work as described now. Is it possible?