I have two sites connected utilizing IPSEC with an ASA 5510 at each site. A T1 is terminated at both sites by the ASA. A site-to-site IPSEC VPN is established through the ASA. Traffic at the main site flows from the ASA 5510 to a Catalyst 4507.
We now have a secondary ASA 5510 at the primary site connected to broadband with a route map on the 4507. The route map pushes internet traffic out the secondary ASA and VPN traffic out the primary ASA.
I would like to establish a redundant VPN from the remote ASA 5510 to the local secondary ASA 5510. I'm having a problem conceptualizing routing between the Catalyst 4507 and the secondary ASA. With IPSEC VPNs, how can I make the Catalyst understand the secondary route to the remote site and use the secondary route when the primary T1 fails?