I would like if possible to configure this scenerio.
I have remote sites with PIX 506 s connecting to a cisco 2801 router with VPN AIM. This is working correctly. Now i have also a second 2801 for redundancy purposes. If i set the pix up with a second peer address of the 2801 #2 ISAKMP phase 1 completes successfully and i get 2 tunnels formed on the PIX . However a proper ipsec sa does not get generated for the second connection.
What i would like is to essentially load balance the traffic across the 2 vpn routers from the pix. I can accomplish this without a problem from the router side using equal cost routing but on the pix only one of them is allowed to be active at a time in an ipsec sa standpoint.
Is there something i am missing or is it not possible