Hi All,

We are looking for any network consultant/company who can assist with the
following. Replies off-list please :)

We have several customers who we have established site-to-site IPSec VPN
tunnels with to provide them with remote support (I hate this concept but I
have to go with it). Some of these connections are just single sites with a
single network, others are to a customer's head office with multiple
sites/networks behind. As we onboard more customers, terminating all of
these VPNs onto our office firewall/router is becoming a headache. We
regularly make changes to our firewall/routing and frequently run into
issues affecting the VPN tunnels. We also have complex NATing for customers
that have overlapping subnets.

I want to remove our office firewall/router as the terminating endpoint of
these VPN tunnels. My thought is to build a 'hub and spoke' topology, using
a centralised hub router to terminate all of the customer VPN tunnels, and
our office then also becoming a spoke. Now changes to my office network
have no impact on the VPN setup, and vice-versa.

If this is something you, your company or someone you can refer has
experience in, I would very much like to hear from you. If you have had
this problem in the past and have any other clever solutions, I would also
love to hear from you!

Happy long weekend!
--
Thanks
Christoph Berthoud