[c-nsp] Redundant VPN w/ Cisco Routers

Garry gkg at gmx.de
Sat May 29 00:18:50 EDT 2010


Hi,

I've received a request about setting up a redundant VPN between two
sites ... remote site has two routers connected to two separate lines,
one with static IP, the other dynamic. Local site has a single router
with two links, both static IPs. HW used is a 1841 locally, remote has
an 887 and 878 ...

As I can't use the same internal IP ranges for both VPNs, I was thinking
about setting up something along this idea:

- put in some loopback IP, e.g.: 10.0.0.1 for local site, 10.0.1.1 for
remote router 1, 10.0.1.2 for remote router 2
- set up IPSEC VPNs for 10.0.0.1-10.0.1.1 and 10.0.0.1-10.0.1.2
- run GRE tunnels over those IPSEC tunnels
- use some IGP over the tunnel (and between the two remote routers) to
route the actual LANs

Does this sound like a feasible solution, or is there a better way to
set this up? I've looked around a bit on the 'net, but apart from some
people asking for similar solutions (and usually not getting an answer)
I couldn't find anything ...

Tnx, Garry
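
The design listed in the message above, sketched for the local-site router as an added example (not part of the original post and not a tested configuration from the poster). The WAN addresses (documentation ranges), interface names, tunnel subnets, LAN prefix, key placeholders and the choice of OSPF as the IGP are assumptions; only the loopback addresses come from the message.

```cisco
! Constructed example for the local 1841. WAN addressing, interface names,
! tunnel subnets, LAN prefix and <PSK-...> placeholders are assumptions.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
! Remote router 1 has a static address: bind its key to that peer only.
crypto isakmp key <PSK-R1> address 198.51.100.10
! Remote router 2 is dynamic: a wildcard key is accepted from any source,
! so use a long random value here, or certificates instead of a PSK.
crypto isakmp key <PSK-R2> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
! Encrypt only the GRE packets exchanged between the loopbacks.
ip access-list extended GRE-R1
 permit gre host 10.0.0.1 host 10.0.1.1
ip access-list extended GRE-R2
 permit gre host 10.0.0.1 host 10.0.1.2
! Dynamic entry: remote router 2 must initiate, the hub cannot call it.
crypto dynamic-map DYN 10
 set transform-set GRE-TS
 match address GRE-R2
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set GRE-TS
 match address GRE-R1
crypto map VPN 65000 ipsec-isakmp dynamic DYN
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN
interface Tunnel1
 ip address 172.16.1.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.0.1.1
interface Tunnel2
 ip address 172.16.2.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.0.1.2
! Pin each remote loopback to one WAN link; keep the /32s out of the IGP
! so a tunnel destination is never learned through the tunnel itself.
ip route 10.0.1.1 255.255.255.255 192.0.2.2
ip route 10.0.1.2 255.255.255.255 203.0.113.2
router ospf 1
 network 172.16.1.0 0.0.0.3 area 0
 network 172.16.2.0 0.0.0.3 area 0
 network 192.168.0.0 0.0.0.255 area 0
```

Because the crypto ACLs match only GRE between the loopbacks, LAN traffic reaches the remote site only through the tunnels; if both tunnels are down the IGP routes disappear rather than the traffic leaving unencrypted over a WAN link.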

