I have a client using Cisco VPN Client to establish a VPN to a 3005 Concentrator. (Ver. 4.0.1) I am also using the 3005 to establish VPNs to remote PIX firewalls. The VPN Clients are using an address pool that is not on any other network.
Question: Can that client VPN to the 3005, and use an existing tunnel to a remote site? My intuition says no, since they are both being created on the external interface. I know it is possible to create a second tunnel on the PIX to route packets going to a specific IP range (i.e., the DMZ on the remote PIX), but that setup has only been tested from the internal networks (one tunnel to access the remote site's internal network, the other tunnel to access the DMZ). Can packets be routed from the 3005 to accomplish the same thing?
I can send a diagram if that will help. Any assistance would be appreciated.