All,
I was hoping to get some confirmation that this will work as I've never tried it.
My Scenario: ASA 5520 that hasn't arrived yet.
Multiple outside VLANs as bandwidth contracts/SLA vary between partners: Partner A, Partner B, Corp
Multiple inside VLANs at our edge corresponding to these partners with traffic separation within our campus: Partner A, Partner B, Corp
I would like to be able to terminate VPNs on the outside using multiple logical interfaces corresponding to the outside VLANs. I would like these VPNs to flow through to the appropriate logical interface corresponding to the VLANs on the inside. Basically, I am guaranteeing that the VPNs for any given partner are terminated using bandwidth allocated to them, as the ISP handles the bandwidth allocations by providing us the outside VLANs.
Anyhow, I am assuming I would just set this up like any other VPN arrangement terminating my tunnels on the appropriate logical 'outside' interfaces. I am then assuming that traffic would flow properly based on the ACLs used for the match addresses as traffic would be recognized as being local to the appropriate logical 'internal' interfaces. There is no IP overlap on the 'inside'. Will this work? Do I have to take any other steps to ensure traffic separation? Thanks!
-Kevin