I have 2 ADSL services (for resilience) at a remote site, let's call them 'primary ADSL' and 'backup ADSL'.
We have a Hub-Spoke VPN architecture and run OSPF.
I wish for the primary ADSL to be used for internet traffic, unless it goes down, and then the backup should be used. I assume I'd just configure qualified-next-hop for this.
The same goes for the VPN tunnels back to the Hub site. I'd want the tunnel over the primary ADSL to take priority, and the tunnel over the backup ADSL connection to be on standby, so to speak. I presume this means configuring 2 separate tunnels back to the Hub and then setting a higher metric in OSPF for the backup VPN?
Does this seems sensible? It's different to how the current ScreenOS device is configured, but that seems to handle VPN differently, hence the question.