I currently operate an Internet based WAN with fixed Pix to Pix VPN connections between sites. I am migrating to an MPLS based WAN. While some sites will ditch the firewall and replace it with the MPLS router, others will move the outside interface of their firewall from the Internet router to the MPLS router. During the migration, my location will maintain a direct connection to the MPLS and a firewalled connection to the local Internet service.
My question is: When a remote firewall is moved from Internet to MPLS, can I establish a new tunnel via the inside interface of my Pix, while still maintaining other external VPN tunnels. This would mean, at my end, both encrypted and unencrypted traffic would use the same interface.