• Here is what I did. I have a network that is either SONET, ATT MPLS, T1/T3, and some public broadband. All the internet traffic ends up at a datacenter through 1 internet pipe. So on the external firewall/DMZ I have a VPN concentrator. This is standards-based and allows me to create a network that does not route on my corp LAN. Then I can use a Juniper NetScreen or SSG to terminate a B2B VPN at remote sites. So, essentially, my guest users are connected to my firewall and NAT'd out. This makes it easy to add new sites, and my only requirement is that I have an IPSec VPN box. It may seem overkill, but I can plug virtually any hardware in, and if I need to move it I just re-IP the untrust. I don't have to change anything else. Using L2TPv3 sounds like it would be similar. Well, anyway, that is what I did.

