how to configure remote access only gateway at site with multiple gateways?

[abadillo]

I have three sites, A,B&c. I have all three sites connected via P2P T1’s, as backup route I have VPN connectivity between all sites. The problem is I want users to VPN to Site A, and use the back end routing unless there is an issue at which time the internal routing protocol will re-route over to the vpn. How can I accomplish this?
How i have currently been doing this is with a second management station, so the gateway doesnt know the other enf. points topology.

i want to bring it down to one mgmt station.

Running NG_R55, HFA-17 on all enf. points
running secureclient
Enf points A,b&c in vpn community, not running any routing protocols.
[vpn] defiend as remote access vpn.
running OSPF on back end network.

i have attached a simple drawing.