3002 running 4.7 in network extension mode, pix running 6.3(5). Require connections from the private subnets behind the pix to private subnets
behind the 3002. It appears the 3002 only supports the directly connected subnet off its private interface as interesting traffic. There is no way to specify additional subnets behind the 3002.
From the 3002 4.7 admin guide:
Network Extension mode allows the VPN 3002 to present a single, routable network to the remote private network over the VPN tunnel. IPSec encapsulates all traffic from the VPN 3002 private network to networks behind the central-site VPN Concentrator.
Below is the ipsec sa for the tunnel; 172.25.1.0/24 is the private subnet off the 3002. When the tunnel is up the pix creates a dynamic acl (dynacl87). Is there any way to specify additional subnets off the 3002 without moving to another platform like the 3005 on each side?
Thanks
local ident (addr/mask/prot/port): (192.168.100.103/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (1.2.3.4/255.255.255.255/0/0)
current_peer: 1.2.3.4:500
dynamic allocated peer ip: 0.0.0.0
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.25.1.0/255.255.255.0/0/0)
current_peer: 1.2.3.4:500
dynamic allocated peer ip: 0.0.0.0
access-list dynacl87; 1 elements
access-list dynacl87 line 1 permit ip any 172.25.1.0 255.255.255.0 (hitcnt=923)
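As an added example (not part of the original post, and not Cisco code), the following Python script parses the proxy identities from the `show crypto ipsec sa` output and the dynamic ACL line quoted above, then checks whether a given source/destination pair would be selected for the tunnel. It makes concrete the point in the post: the only remote ident and the only dynamic ACL entry cover 172.25.1.0/24, so a flow to any other subnet behind the 3002 (172.25.2.0/24 is used here as a constructed example) matches neither and is not sent through the tunnel. The sample text is copied from the post; the test flows and the 172.25.2.0/24 subnet are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the proxy-ID pairs from the PIX "show crypto ipsec sa"
# output in the post (hostnames/peers as posted, 1.2.3.4 is the 3002 public side).
SA_OUTPUT = """\
local ident (addr/mask/prot/port): (192.168.100.103/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (1.2.3.4/255.255.255.255/0/0)
current_peer: 1.2.3.4:500
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.25.1.0/255.255.255.0/0/0)
current_peer: 1.2.3.4:500
"""

# Constructed sample: the dynamic ACL the PIX built when the tunnel came up.
ACL_OUTPUT = """\
access-list dynacl87; 1 elements
access-list dynacl87 line 1 permit ip any 172.25.1.0 255.255.255.0 (hitcnt=923)
"""

IDENT_RE = re.compile(
    r"^(local|remote) ident \(addr/mask/prot/port\): \((\S+?)/(\S+?)/(\d+)/(\d+)\)"
)
ACL_RE = re.compile(
    r"^access-list (\S+) line \d+ (permit|deny) ip (.*?)(?: \(hitcnt=\d+\))?$"
)


def parse_proxy_ids(text):
    """Return [(local_net, remote_net), ...] from 'show crypto ipsec sa' output.

    Each SA lists a local ident followed by a remote ident; the two are paired.
    Protocol and port fields are ignored here (both are 0 in the posted output).
    """
    pairs = []
    local = None
    for line in text.splitlines():
        m = IDENT_RE.match(line.strip())
        if not m:
            continue
        side, addr, mask, _prot, _port = m.groups()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if side == "local":
            local = net
        elif local is not None:
            pairs.append((local, net))
            local = None
    return pairs


def tunnel_covers(pairs, src, dst):
    """True if a packet src->dst leaving the PIX matches any SA proxy-ID pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in remote for local, remote in pairs)


def _acl_addr(tokens, i):
    """Parse one PIX ACL address spec starting at tokens[i]; return (net, next_i)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl(text):
    """Return [(acl_name, action, src_net, dst_net), ...] for 'permit/deny ip' lines."""
    entries = []
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        name, action, rest = m.groups()
        tokens = rest.split()
        src, i = _acl_addr(tokens, 0)
        dst, _ = _acl_addr(tokens, i)
        entries.append((name, action, src, dst))
    return entries


def acl_permits(entries, src, dst):
    """First-match evaluation of the parsed ACL; implicit deny if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _name, action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False


if __name__ == "__main__":
    pairs = parse_proxy_ids(SA_OUTPUT)
    acl = parse_acl(ACL_OUTPUT)
    # Assumed flows: 10.1.1.5 is a host behind the PIX; 172.25.2.20 is on a
    # hypothetical second subnet behind the 3002 that the tunnel does not carry.
    for dst in ("172.25.1.20", "172.25.2.20"):
        print(dst, "sa:", tunnel_covers(pairs, "10.1.1.5", dst),
              "acl:", acl_permits(acl, "10.1.1.5", dst))
```

Run it against a saved copy of the `show crypto ipsec sa` and `show access-list` output to confirm which subnets the current SA actually carries before changing anything on either side.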