Here's my configuration:
17 Security Contexts---VLAN300---MSFC---VLAN250---Admin Context---VLAN100(outside)
VLAN300 is an SVI with an IP of 10.10.10.1 /24
VLAN250 is an SVI with an IP of 10.20.20.2 /24
The Admin Context inside interface is on VLAN250 with an IP address of 10.20.20.1 /24.
The 17 Security Contexts have an IP address on their outside interface in the 10.10.10.0 /24 subnet.
The Admin Context outside interface is connected to Layer 2 VLAN100 with an IP address of 184.108.40.206 /24.
I also have a VPNSM with an IP address on VLAN100, 220.127.116.11 /24. I want to terminate all L2L connections on the VPNSM, and have the decrypted traffic routed to the Admin Context for security ACL checks, then routed out to the appropriate interface. There are other interfaces with IPs in different subnets. How can this be achieved?
The traffic that gets decrypted by the VPNSM will get routed to the MSFC, and from there it can get to any of the other VLANs on the MSFC. The other way is true as well: users in one of the security contexts can go directly to the SVI configured for the VPNSM.
Any help would be appreciated.