i did that.
on gigaether 0/1 interface i have 4 different subenterfaces(.100 for internet, .110 for L3VPN, .120 for backup internet and address over which LAN segment coming, .121 for tunnel)
it goes like this:
int gig0/1.100
vlan 100
security-level 0
nameif Internet_access
ip add 80.80.80.82 255.255.255.252 (not real ip, but it is link IP there)
no shut
int gig 0/1.110
vlan 110
security-level 50
nameif L3VPN
ip add 192.168.100.2 255.255.255.252 (private IP for L3VPN)
no shut
int gig 0/1.120
vlan 120
security-level 0
nameif Internet_VPN
ip add 90.90.90.82 255.255.255.252 (public IP address for link over which LAN segment(set of 8 public IP addresses) is coming in)
no shut
int gig0/1.121
vlan 121
security-level 0
nameif Tunnel_peer
ip add 88.88.88.1 255.255.255.248(peer address for tunnel... that's the address that was on router as loopback address)
no shut
lets just put also my LAN interface and some routes, so there are no confusion.
interface gig0/0
security-level 100
nameif LAN_network
ip address 10.10.10.1 255.255.255.0
no shut
route Internet_access 0.0.0.0 0.0.0.0 80.80.80.81
route L3VPN 192.168.0.0 255.255.0.0 192.168.100.1
route Internet_VPN 91.91.91.2 255.255.255.255 90.90.90.81
first route-default for internet
second route-for all the private networks i need to access over L3VPN
third route, 91.91.91.2 is second site peer address, and it needs to establish through Internet_VPN interface, using Tunnel_peer address as our site peer address...
in other words, i need traffic for establishing tunnel to go through 90.90.90.81 interface, and i need to establish tunnel with our site peer 88.88.88.1 and second site peer 91.91.91.2
and this is where i'm hitting the wall :)
lets say IP address on my site that needs tunnel is 10.10.10.10, and i need to hit 10.100.100.10 which is on the other site... how to make crypto maps so this works? should i change routes or something? i'm utterly confused :)
