When you setup your routing for the two tunnels have the static routes for the primary tunnel prefered over the secondary.
On the Primary VPN phase two configuration advanced tab, enable VPN monitor with ping check. Choose a router ip address in the tunnel traffic that will respond to ping. As long as the ping is up the tunnel will remain up. Once the ping stops the tunnel interface will be brought down and remove your primary route from the table allowing the secondary one to work.
Once the tunnel is restored the inteface will come back up and the traffic will flip again.