We have several small sites that have CP3200 GW's that have P2P VPN connection to our Corporate CP5800 HA GWs - Hub and Spoke design.   These sites are NOT on any SD-WAN configuration -- just using Spectrum Business Class or VZN FiOS to get onto the Internet  

We are setting up a DRaaS site with our Service Provider.   The initial design is that our DataCenter is down, and the company will be operating out at the DRaaS site.   Obviously, the corporate 5800 FWs are now "offline"

All our CP devices are R82.   

The remote CP3200's default route just point to the ISP's Gateway.  So, I am looking to see if setting up a redundant VPN tunnel to a non-CP gateway is possible with the CP3200 and are there anyone or docs (that I have not been able to find yet) that explain how to set this up.  

FWIW, we do not use or are licensed for any Harmony products to connect remote users.  We have Cloudflare's ZeroTrust for end-user access.   

This post is just to find out how / if it's possible to create secondary VPN off each remote site's 3200 that would take over if the primary VPN connection into the Corp datacenter's 5800 went down.   

TIA - Perry