I have a central office with a Juniper SSG5 firewall and 4 remote offices with 1721 routers set up with IPSEC VPN in a full mesh.
I have a Verizon wireless modem w/ static IP and router that I would like to configure as a backup device for the 4 remote offices in the event of an ISP failure. I was thinking about adding another Ethernet WIC to each 1721, configuring the SAME subnet between the 1721 and wireless router on each 1721, and setting a lower-preference default route towards the wireless router.
This SHOULD(?) take care of the remote end, but on the central office side, I'd have to configure an IPSEC tunnel for the Verizon static IP, but wouldn't be able to define the remote networks because this would be dependent on whichever site fails.
Any design recommendations to make this completely automatic? Dynamic VPN? etc.