We are implementing direct IPsec spoke-to-hub sites with a primary and secondary peer. Other than doing GRE to provide OSPF to the remote sites, is there any way to fail back to the primary hub site after the spoke site has already failed over to the secondary hub site?
E.g. Spoke site with one ISP connection out (internet) and one static default route.
Setup with two crypto peers, one default (Primary), and a backup (If the primary goes away)
Two hub sites running OSPF on the inside with reverse route injection and dynamic peers for the VPNs.
Remote site cannot see the primary hub, re-establishes tunnel to secondary due to crypto peer statement, secondary hub site answers, tunnel is established and RRI puts spoke site routes into OSPF. Primary hub site is visible again (from spoke) and we would like the remote site to fail back to the primary site automatically.
Is this possible (the fail-back part)?
If not, it means going the GRE/OSPF route at the spoke sites and using costs to control the fail-back.
Thanks in advance,