We currently have a Catalyst 6509 which terminates the IPSec/GRE tunnels. We would like to then connect our ASA5540 to this 6509 to inspect the traffic once the packets have been decrypted and then send it back again to the 6509 to route it to its final destination within the VLANs that reside in the 6509.
This is what we'd like to do: [WAN]-->[6509 IPSec SPA]-->[ASA5540]-->[6509 VLANs]-->servers
We've been trying to see how this can work for almost a month and still cannot come up with a solution.
If we were to use transparent, it requires that both VLANs (inside and outside) be on the same subnet. However, when I create the two subnets within the 6509, it refuses since the IP addresses overlap.