Today we are using a pair, for redundancy, of 2800 routers with crypto cards (AIM-VPN/SSL2) for our VPN Lan2Lan tunnels. The routers can terminate in different VRFs (VRF aware IPsec).
But one thing we are having quite an issue with is configuration. We have to remember to put configuration on both devices individually, which we tend to forget from time to time. And as far as I know they are not able to sync configuration. But I could be wrong...
I know that the ASA can, but then we have to have a lot of contexts which is quite expensive, and brings quite an amount of configuration each time we configure a new context.
It is possible to find some devices that can handle VRF aware IPsec as well as single device configuration?