IPSEC behind another NAT router and network monitor probes.
I've got an odd one on my hands I'd like some help with if possible.
I have to do an IPSEC tunnel with Adtran at the local and remote location. I have done IPSEC in aggressive and main modes before. The router that is doing the VPN tunnel to the remote location is not the "main" router onsite. My plan is to put the new Adtran in parallel with the current router, WAN side on a public address and LAN side on the LAN. Then have routes on the LAN side. The issue here is that the public WAN space is a 10.x.x.x on a point-to-point from the "carrier" who does NAT for them. Not sure that would work.
The second part is that there will be a backup/redundant VPN tunnel back to the remote location with a different Adtran in a different building, but on the same LAN as the 1st Adtran. If I have all the existing equipment's routing to point to the first Adtran if traffic is destined for the remote location, how can I tell that first Adtran to ship traffic to the 2nd Adtran if the first Adtran's VPN tunnel fails? I read about network monitoring and probes but I think I need to see an example. The examples I saw were for failing over to another WAN link if the first failed. This would be re-routing the LAN traffic to the other Adtran where there is also a VPN tunnel to the remote location if the 1st Adtran's VPN tunnel fails.