Here's the gig,
We have a PIX 525, I have 10 remote PIX 501's. The 501's attach via the intenet to a T1 circuit attached to the PIX 525. Interesting traffic is encrypted and passed via VPN internally.
The problem is, I have now over provisioned my internet connection and wish to off load some (and the kicker is some not all) of the VPN clients to another circuit/port on the firewall. After much research I have come to a simple observation. When creating access lists which define my "interested" data I can only specify one Access-list via the "nat (inside) 0 access-list 100".
Please tell me it isn't so!!!!!!!!!!!!!!!!!! Ummm and if it is what would you rcommend (other than the obvious "move all the VPN's to the same interface")
Thank you for any assistance you would be willing to offer.
Mark