I am a self-taught yet reasonably experienced administrator of the software client-to-3005 concentrator VPN scenario. Some of the concepts, though, have me stuck when trying to apply things in the 3002-to-5510 environment: I have successfully configured the 5510 and a 3002 to connect to each other and establish a VPN tunnel. A software client would now have an overriding VPN tunnel private IP address assigned to the client machine it is running on, which will be used for all tunneled traffic. The 3002, however, actually has a private hardware interface that I thought I already need to configure with an applicable private IP address of the network it is residing on. Did the ASA now assign an additional private tunnel VPN address to this 3002? (It is configured like my old 3005 to use a local address pool for client DHCP assignments.) What good does this do for my client that sits (untunneled) on the private network behind the 3002? Do I have to add a static route to point traffic for the network behind the 5510 to the 3002? If so, to the physical private IP or to the assigned tunnel IP? What if that tunnel IP changes later due to DHCP? I'm sure this sounds funny to an expert but I am drawing a blank here as to how this is supposed to work. ;-) Enlighten me, please!
I have this problem too.