using IOS firewall on a 2811, management wants to have VPN peer redundancy on the 2811 remote office two different regional 3030 concentrators. The remote 2811 has a current VPN LAN-to-LAN with one of the 3030s. There will be two separate Ethernet LAN connections and one Ethernet WAN connection to the ISP edge router. Question is how would one configure the 2811 to support two different VPN peers with one LAN going to one VPN peer and the other LAN going to the other VPN peer?
Apologies but i'm obviously having one of my stupid days because i'm still not fully understanding.
crypto map ctmap 10 ipsec-isakmp
set peer 141.x.1.12
set peer 141.1.x.12
set transform-set ctset
match address 102
what the above will do is use 141.x.1.12 as the VPN peer. If that VPN peer is down for some reason then 141.1.x.12 will be used instead. So this does provide some level of redundancy.
Where i'm getting a bit confused is from your original description ie.
"There will be two separate Ethernet LAN connections and one Ethernet WAN connection to the ISP edge router."