IPsec Hub and Spoke Topology
I have been tasked with a project at work to create upto 3000 VPNs to remote devices. I have chosen to go with the HUB and Spoke topology because the remote devices will be using SIM cards and will be a mixture of 3rd party routers. We cannot use DDNS sa they are mobile devices and will have dynamic public IPs.
The HUB and Spoke topology should do the job. But there is a requirement by the department we are doing the work for; Due to the amount of IP subnet pools that would be needed for the remote devices(mixture of different customers). it has been requested we do not publish subnets from the remote devices, but we use the VTI (route based VPNs)and DST-NAT to the devices behind the remote routers(spokes). To do this we would need to know the VTI IP addresses on every VPN.
Is this possible or am I wasting my time?