If I want to build a new tunnel to a remote site that is part of a summary to another site, will the FTD appliance still accept the commands or will it fail? Meaning if I have a crypto map with permit acl to 10.50.0.0/16 and also want to define a more specific subnet to another endpoint, such as 10.50.100.0/24, will the system allow me to do that or do I have to delete the tunnels and add the more specific subnets?
If you're building the tunnel on the same interface, it will be the same crypto map, just a different entry. Though I didn't yet implement this exact setup on the FTD (with a remote protected network as a member of another remote protected network), it needs to work. Worst case, it's gonna work via FlexConfig.
I tried adding the /24 but it did not work. I ended up rebuilding the site with the /16 to more specific networks (not including the /24). Just tried to take a shortcut as there was obvious downtime.
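The thread turns on how a crypto map picks an entry when one remote network is a subnet of another. The following is an added example, not code from the thread; it models ASA-style crypto maps as a list evaluated in ascending sequence number where the first matching ACL wins (an assumption about the poster's FTD that the thread does not confirm), and contrasts the summary-first ordering, the specific-first ordering, and the "rebuild the /16 as more specific networks" approach the last post describes. Peer labels (`siteA`, `siteB`), sequence numbers and test addresses are constructed; only 10.50.0.0/16 and 10.50.100.0/24 come from the thread.

```python
"""Model of crypto-map entry selection (first match in sequence-number order).

Assumption, not taken from the thread: entries are tried in ascending seq and
the first ACL that matches the destination wins, as on ASA-style crypto maps.
Peer names, seq numbers and sample hosts are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

SUMMARY = ipaddress.ip_network("10.50.0.0/16")     # from the thread
SPECIFIC = ipaddress.ip_network("10.50.100.0/24")  # from the thread


@dataclass(frozen=True)
class CryptoMapEntry:
    seq: int                 # crypto map sequence number (constructed)
    peer: str                # constructed peer label
    remote_networks: tuple   # "permit" destinations in the match ACL


def select_entry(entries, dst_ip):
    """Return the lowest-seq entry whose ACL covers dst_ip, or None."""
    dst = ipaddress.ip_address(dst_ip)
    for entry in sorted(entries, key=lambda e: e.seq):
        if any(dst in net for net in entry.remote_networks):
            return entry
    return None


def shadowed_entries(entries):
    """List (shadowed_seq, shadowing_seq) pairs: a network in a later entry that
    is fully inside a network of an earlier entry can never be selected."""
    ordered = sorted(entries, key=lambda e: e.seq)
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            for net in later.remote_networks:
                if any(net.subnet_of(big) for big in earlier.remote_networks):
                    pair = (later.seq, earlier.seq)
                    if pair not in pairs:
                        pairs.append(pair)
    return pairs


def summary_first():
    """The /16 entry already exists; the /24 is appended afterwards."""
    return [CryptoMapEntry(10, "siteA", (SUMMARY,)),
            CryptoMapEntry(20, "siteB", (SPECIFIC,))]


def specific_first():
    """The /24 entry gets the lower sequence number than the /16."""
    return [CryptoMapEntry(10, "siteB", (SPECIFIC,)),
            CryptoMapEntry(20, "siteA", (SUMMARY,))]


def carve_out(summary, specific):
    """Networks that cover `summary` minus `specific` (the rebuild approach)."""
    return sorted(summary.address_exclude(specific))


def rebuilt():
    """siteA keeps everything in the /16 except the /24; order no longer matters."""
    return [CryptoMapEntry(10, "siteA", tuple(carve_out(SUMMARY, SPECIFIC))),
            CryptoMapEntry(20, "siteB", (SPECIFIC,))]


if __name__ == "__main__":
    for name, entries in (("summary first", summary_first()),
                          ("specific first", specific_first()),
                          ("rebuilt", rebuilt())):
        hit = select_entry(entries, "10.50.100.5")
        print(f"{name:15} 10.50.100.5 -> {hit.peer} (seq {hit.seq}); "
              f"shadowed: {shadowed_entries(entries)}")
    print("carve-out of /16 minus /24:", [str(n) for n in carve_out(SUMMARY, SPECIFIC)])
```

Under this model, appending the /24 after an existing /16 entry leaves the /24 entry permanently shadowed, which is the symptom the last post reports; either the /24 entry needs the lower sequence number, or the summary is replaced by the eight more specific networks `carve_out` computes, which is the rebuild the poster ended up doing.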