Site to Site VPN to multiple customer

[fs483]

Hello,

I've got a couple of routers (2600 and 1800) and a few firewalls (Pix501, Pix506e and ASA5505) lying round and was wondering if I can put them to good use. I manage the networks of a couple of customers and would like to have a VPN site to site setup to each of those customers yet keeping all their traffic separate. My IP is dynamic but stays pretty much the same unless I hard reboot my modem and most of my customers have fixed IPs. Which would be the best choice for the device on my end (Router, Pix or ASA) and how can I prevent the machines from seeing each other (between customers). Some IP ranges do overlap between the customers or with my own.

Thanks,
fs483

 

[North323]

take an ASA and create VPN tunnels to each customer. no issue.

 

[fs483]

How about identical IP scheme between me and one or more customers? I have already setup site to sites with ASA for a customer that had multiple sites before but I had made sure I had a different IP subnt for each site.

 

[North323]

as long as you set up different tunnels, you wont have an issue.

 

[Supergrrover]

Some IP ranges do overlap between the customers or with my own." this creates an issue. 3 separate tunnels with 192.168.1.0 networks. Which 192.168.1.10 does the traffic need to go to??? (See the point)

You will need to do a lot on your end if you want l2l tunnels.

Take a look at this -

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

The concept is the same. The pix/asa does translation for each tunnel (it's like a uniquely named alias.) It ain't easy but it can be done.

Brent
Systems Engineer / Consultant
CCNP, CCSP