I have an ASA 5510 that uses the OUTSIDE interface for Internet access and it uses a separate interface called VPN to accept VPN connections. This is working fine because the ASA has a default gateway pointing to the OUTSIDE interface and static routes pointing to all the Site-to-Site tunnels through the VPN interface.
Now, the problem is that I need to allow remote access VPN connections to the ASA.
I cannot connect with a VPN client to the ASA without knowing before-hand the public IP address where the client is coming from because there's no route through the VPN interface to that client. If I configure a static route through the VPN interface for the VPN client, then it works. Obviously this is not the solution I need, because most of the clients come from unknown addresses.
My question is:
Can I configure a different crypto map on the interface OUTSIDE to allow remote VPN clients and still allow all the Site-to-Site tunnels terminate on the VPN interface?
Is this clear?
Please let me know, thanks!