We have a wireless design working with Aironet and VPNs 3000. We would like to migrate to an airspace solution. My questions are:
a) is possible to do at the same time "VPN Passthrough" and web authentication (Internal or external) on the same WLAN ?
b) when configuring VPN passthrough, we can only configure one IP address for the VPN Gateway Address. Does it mean that the controller is doing relay ? or is this "like" an ACL authorizing IKE/IPSec to access the specified IP address ? When we have multiple VPN 3000/ASA behing this controller, what would be the design ?