Hi, I have a question about VPN peer IP addresses. I have a block of public IP addresses I can use. One of them of course is assigned to the public-facing interface on my firewall. I need to set up a half dozen site-to-site VPNs on the firewall with external agencies. What are the pros and cons of using the interface IP address as the VPN peer IP address for all the VPN sites vs. using a different public IP address for each individual VPN site? I am thinking maybe using a unique IP address for each VPN peer makes it easier to trace and troubleshoot issues, but that's just my random thoughts. Is there a set standard and reasoning as to how you should assign IP addresses when there are multiple VPN peers?
Also, when it is necessary to NAT the VPN encryption domain (interesting traffic) to a public IP address, is it recommended to use an IP address other than your VPN peer IP address? It seems like using the peer IP for NAT works just fine, but I was told once it's not recommended with no clear explanation.
Thank you in advance for your comments!