LAN client load balancing while binding IPSec to its own load balancing groups

Hi — I have 3 WANs and clients are round-robin’d through the connections via load-balancer.

WAN1
WAN2
WAN3

I also use several IPSec tunnels to connect to remote networks, each bound to a specific interface via dhcp-interface. The problem with this is that when/if one of these interfaces goes down, the tunnel goes down. If I use local-address any, then round robins the connections.

How can I achieve something like:

IPSec tunnel 1 - WAN2 first, WAN1 backup
IPSec tunnel 2 - WAN3 first, WAN1 backup
All clients round robin’d through all 3 WANs for all other NAT connections.

With pfsense for example, I can achieve this by creating various “gateway groups” and binding the IPSec tunnels to the different groups.
Thank you.

Watchguard allows you to do multiple gateways per tunnel also, but from my own post asking about this it doesn’t seem possible with VyOS.

Now the solution I ended up going with while working with @Viacheslav, was to setup multiple tunnels using a single WAN interface, then use the same tunnel endpoints but different metrics. Then if tunnel1 via WAN1 goes down and remote resource using metric 1 is unavailable, tunnel2 via WAN2 should be able to get to the remote resource using metric 2. That may not have been fully fleshed out in my linked post, but I am running that configuration now and just need to tie up some additional testing.