I've got two ASA5510s, one at each of two sites: SITE-A and SITE-B.
SITE-A connects to the INTERNET on one circuit and an MPLS circuit on different interfaces on the router.
SITE-B connects to the INTERNET and MPLS on the same circuit.
My outside interface on the ASA at SITE-A has a public address of: 126.96.36.199. On the router, it NAT's that address to 10.25.25.5/29 when going out the MPLS interface.
At SITE-B, the outside interface on the ASA is 10.25.25.13/30, which has public IP address 188.8.131.52 NAT'ed to it.
Currently, I am able to create two distinct (one at a time) tunnels which route the appropriate traffic through them. One tunnel is done completely over the MPLS circuit from site to site. The other tunnel goes out of SITE-A's internet connection, and jumps on the MPLS provider's public network, then onto the MPLS network to get to SITE-B.
These both work marvelously. I am trying to accomplish having the IPSEC tunnel go over the MPLS circuit by default, but in the event that SITE-A loses MPLS connectivity, the tunnel will go over the internet.
These tunnels are currently landing on the ASA's and are not originating or landing on the routers, so I can't use (that I know of) routing on the router to determine which site to connect to.
TUNNEL-A = 10.25.25.5 to 10.25.25.13
TUNNEL-B = 184.108.40.206 to 220.127.116.11
Any information, or advice about this configuration would be greatly appreciated.