I have a new L2L VPN implementation going into place using two 2811s as the terminating VPN devices. I was going to try to use an HSRP address between the two routers' public interfaces as the VPN peer address. The problem I found when testing is that the tunnel doesn't become active and debugs show the HSRP address as an invalid address to form the tunnel. Anyone have a workaround, or a better plan for redundancy on the peering address using similar devices? Thanks in advance.
Take a look at this doc regarding IOS IPSec HA.