Lets see here's my soln, let me know if its ok with you. 1841 , primary router and Firewall are on the same LAN and both routers run HSRP , default of firewall to HSRP IP. Run 2 GRE tunnels to from each CPE to both routers with keepalives. If primary link fails , default flaps to other router and primary tunnel at CPE side also goes down. So you get automatic fallback.
Hope there are better solutions as this will increase the overhead. If IPSec lands on the router you can use DPD and RRI which is the best for HA.
I really dont think so the 2600 will scale but the 1841 may jus do it. What is the traffic you are looking at on each tunnel ? I can say the 1841 can handle upto 2 MB with 10 GRE tunnels and the 2600 also maybe the same.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...