The ASA device is going to be the gateway for multiple distinct inside IP subnets.
We can have have a unique outside IP address to correspond to each inside IP subnet if needed, but we need some means for a VPN client or a site-to-site VPN to have acess to a pre-definied IP subnet (i.e. if customer A establishes a VPN connection, they have connectivity to IP subnet X; customer B establishes a VPN connection, they have connectivity to IP subnet Y, etc.).
Currently, the two inside IP subnets are 10.10.0.0/16 and 10.20.0.0/16. We will be adding more.
The problem we are facing is that we cannot reach the VLAN 201 from the ASA we believe this is because. I have setup two addresses on port 0/1 Vlan1, 10.10.20.2 and 10.20.20.1 as an alias.
How can we make traffic for the 10.10.0.0/16 subnet untagged and traffic for the 10.20.0.0/16 subnet tagged for VLAN 201.