Hello, I'm trying to figure out a good design for connecting multiple partners to our network. I currently have one router and one ASA5510 allocated to the task. I'm having problems with my initial design concept and am looking for guidance on a new one.
The problem is this. We will need to connect to each partner via a different IPsec tunnel using pre-shared keys, and each vendor might have different requirements for their tunnel, such as encryption type, etc. Each partner will then need to be ACL'd off to only allow access to those resources they've been approved for, or to allow our employees access to resources on their network(s). To one partner we might be able to just do simple PAT: allow all of our internal hosts to connect to a few of their hosts and share one outbound IP address. Another partner might require that we not use our internal RFC 1918 addresses, but instead provide them with public IP addresses and NAT them to our internal servers' IP addresses.
I was thinking of using VLANs on the ASA and terminating each tunnel on a separate VLAN interface. But then, while each partner would get its own "outside" interface for NAT, they would all be sharing an "inside" interface.
I'm pretty new at this and am looking for the best way to go about it. Any suggestions and/or configuration examples would be greatly appreciated!