Central IPSec Hub with Multi-Tenancy

Hello,

Currently we’ve run into performance problems with MikroTik RouterOS virtualized in our XenServer environment.
Because of that problem, we want to switch over to CCRs for the Site2Site IPSec endpoints.

Right now every customer has its own virtualized RouterOS; most customers have an IPSec Site 2 Site tunnel configured, but other customers have SSTP or L2TP configured for client remote access. Each customer has a pair of VLANs, one internal VLAN and one external VLAN.

Our rackspace is limited and we want to centralize it on a CCR.
My current plan is creating a VRF for every customer, get all VLANs for the external customer networks tagged into one interface and get the internal VLANs into another interface.
Configure the ip addresses on the vlan pair and put the vlan interfaces in the customer VRF to separate the customers.

Is there a problem with IPSec, SSTP and L2TP tunnels?

As for me, there is, at least for IPsec, because MikroTik’s IPsec implementation supports only policy-based tunnels and the policies match only on src-ip, dst-ip, protocol and port but do not respect VRF or routing marks, so you would have to coordinate customers’ internal IP address ranges so that they would not overlap between customers.
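The constraint in the reply above, that a shared policy-based IPsec instance only sees src/dst selectors and not the VRF, means an address plan for the hub has to be checked for overlaps before customers are consolidated. The following is an added example (not from this thread, not MikroTik code) of that check: it takes a constructed, hypothetical address plan with one policy per customer and reports pairs of policies from different customers whose selectors would be ambiguous on one hub. The customer names and prefixes are assumptions for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample address plan (hypothetical customers and prefixes).
# "src" is the customer's internal (hub-side) network, "dst" the remote site
# network reached through that customer's tunnel. On a shared hub both are
# plain selectors in one global policy table; the VRF is not consulted.
POLICIES = [
    {"customer": "cust-a", "src": "10.10.0.0/24", "dst": "192.168.10.0/24"},
    {"customer": "cust-b", "src": "10.20.0.0/24", "dst": "192.168.20.0/24"},
    # cust-c reuses cust-a's internal range: the internal selectors collide.
    {"customer": "cust-c", "src": "10.10.0.0/24", "dst": "192.168.30.0/24"},
    # cust-d sits inside cust-a on both sides: the whole selector collides.
    {"customer": "cust-d", "src": "10.10.0.128/25", "dst": "192.168.10.0/25"},
]


def _overlaps(prefix_a, prefix_b):
    """True if the two prefixes share at least one address (IPv4 or IPv6)."""
    net_a = ipaddress.ip_network(prefix_a, strict=False)
    net_b = ipaddress.ip_network(prefix_b, strict=False)
    # Different address families never overlap; ip_network.overlaps would raise.
    if net_a.version != net_b.version:
        return False
    return net_a.overlaps(net_b)


def find_selector_conflicts(policies):
    """Return a list of (customer_x, customer_y, reason) for every pair of
    policies belonging to different customers whose selectors overlap.

    reason is "full-selector-overlap" when src AND dst both overlap (the hub
    could pick the wrong policy for a packet) and "internal-range-overlap"
    when only the internal src ranges overlap (the situation the reply says
    must be avoided by coordinating customer address ranges).
    """
    conflicts = []
    for pol_x, pol_y in combinations(policies, 2):
        if pol_x["customer"] == pol_y["customer"]:
            continue  # one customer may legitimately own several policies
        src_hit = _overlaps(pol_x["src"], pol_y["src"])
        dst_hit = _overlaps(pol_x["dst"], pol_y["dst"])
        if src_hit and dst_hit:
            conflicts.append((pol_x["customer"], pol_y["customer"], "full-selector-overlap"))
        elif src_hit:
            conflicts.append((pol_x["customer"], pol_y["customer"], "internal-range-overlap"))
    return conflicts


def customers_to_renumber(policies):
    """Sorted set of customers involved in at least one conflict."""
    involved = set()
    for cust_x, cust_y, _reason in find_selector_conflicts(policies):
        involved.update((cust_x, cust_y))
    return sorted(involved)


if __name__ == "__main__":
    for cust_x, cust_y, reason in find_selector_conflicts(POLICIES):
        print(f"{cust_x} <-> {cust_y}: {reason}")
    print("customers needing a non-overlapping internal range:",
          ", ".join(customers_to_renumber(POLICIES)))
```

Run it against the real address plan before migrating a customer onto the hub; any "internal-range-overlap" hit is a customer whose internal VLAN must be renumbered (or whose tunnel has to stay on a separate device), regardless of how cleanly the VRFs separate the routing tables.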