
Dual ISP with VPN failover

ngthen
Level 1

I have a remote site that has a 2851 currently with a single ISP and VPN site-to-site back to my HQ. I would like to add a second ISP at the remote site for fail-over as the Internet connection at the location is somewhat unstable. My HQ is fully redundant already with dual ISPs and eBGP. To comply with corporate policy I tunnel all traffic back to HQ for inspection, content filtering, SSL decryption, etc. I'd prefer to use a tunnel interface with this setup as I can do more with ACLs and security as opposed to crypto-maps.

Is it possible in the IOS to do the following?

  1. Establish a site-to-site tunnel using ISP1 and aggressive mode (works easier at HQ when 2 ISPs are involved) back to HQ.
  2. If ISP1 fails, detect and switch over to ISP2.
  3. Re-establish the VPN tunnel with ISP2 back to HQ.
  4. Detect ISP1 is back up and flip back.

I could do this with 2 routers and HSRP but that would involve changing the way things work at HQ with the routing and I would like to avoid that if possible to not introduce more changes. Any thoughts on how to do it would be appreciated. Thanks in advance.

 


tech.linkwave
Level 1

Hi, did you get the solution?

I am also looking forward to a solution to get the VPN failover. Right now I have 2 routers, each connected to a different ISP with a static IP. Internet failover is working fine and even the VPN tunnel is also fine, but I do not know how to configure the VPN failover... Do you have any idea about it?

 

Thanks,

Sandy
