I am facing a problem at one of my client site. The scenario is that there is one HeadOffice with two DSL links terminated on one router and there are two branches with one DSL link terminated on their routers respectively. The client want that branches will make vpn to both links at the HeadOffice such that branch-1 will use link-1 as their primary VPN link while link-2 will be used as the backup VPN link and branch-2 will use link-2 as their primary VPN link while link-1 will be used as the backup VPN link. Also customer wants that their users also access their LAN at headoffice & branches from outside using remote access VPN. I achieve VPN failover using dead Peer Detection this works fine some times it start creating problem and when I insert a command for authentication of remote access VPN users (cryto map mymap client authentication list local) then my site to site VPN's does not work properly and stuck at the CONF_XAUTH stage please help me in this issue if anyone has the solution to this problem or any other method please let me know that how can I fulfil the client requirements. I am sending the diagram and also the configuration of head office and branch routers.