Hi All,

We are looking for any network consultant/company who can assist with the following. Replies off-list please :)

We have several customers who we have established site-to-site IPSec VPN tunnels with to provide them with remote support (I hate this concept but I have to go with it). Some of these connections are just single sites with a single network, others are to a customer's head office with multiple sites/networks behind. As we onboard more customers, terminating all of these VPNs onto our office firewall/router is becoming a headache. We regularly make changes to our firewall/routing and frequently run into issues affecting the VPN tunnels. We also have complex NATing for customers that have overlapping subnets.

I want to remove our office firewall/router as the terminating endpoint of these VPN tunnels. My thought is to build a 'hub and spoke' topology, using a centralised hub router to terminate all of the customer VPN tunnels, and our office then also becoming a spoke. Now changes to my office network have no impact on the VPN setup, and vice-versa.

If this is something you, your company or someone you can refer has experience in, I would very much like to hear from you. If you have had this problem in the past and have any other clever solutions, I would also love to hear from you!

Happy long weekend!

--
Thanks
Christoph
Berthoud