I am trying to design a solution for three site-to-site tunnels to three different customers via a ASA as the vpn endpoint on my end. The customers connection are via T1 connections and there will be three 2811 routers in front of the ASA for the T1 connections. My diagram would look like this:
customer a --------- -------------- t1 ------------- cisco2811 --------- <lan1> --------
______
customer b --------- <internet> -------------- t1 -------------- cisco2811 -----------<lan 2> ------- | ASA | ----------- inside network
|______|
customer c --------- ------------- t1 -------------- cisco2811 -----------<lan 3> -------
Looks like this could be my options, not sure if this would work, please comment.
-- Can I terminate three different physical links directly to the ASA and create three site to site tunnels with three different endpoint (peer) ip? Can the ASA support three outside interfaces with same security zone 0?
-- My other options could be putting a switch between the 2811s and the ASA so it could possibly configure a single trunk to the ASA?
I only have two block of public ip addresses for each customer. (one block belongs to the T1 side, other block is the lan side).
Do anyone running into similar situation?
Thanks,