We have an environment currently where we have a single internet connection coming into a switch and from that switch cables running to multiple IOS routers. Each of these routers acts as an IPSec VPN endpoint for a single customer to connect to. A basic overview of this can be seen in the "current" image attached (please note the IP addresses are illustrative only - we are using different public IPs and they are subnetted correctly).
What we want to achieve is what is shown (again, in a basic form) in the 2nd image - "proposed".
My question is - with multiple public IPs acting as VPN endpoints for customer VPNs - what is the easiest way to do this with an ASA? Is the best plan to assign a public IP subnet to each individual port on the ASA? Or can I have the internet connection coming into 1 port on the ASA and then set up VLANs so that the traffic is kept apart and the VPN tunnels function correctly? I have several years of IOS experience but only a little ASA, so I just want to make sure I start off on the right foot.
We will almost certainly be deploying ASA 5512s.