I currently have a site that's running an Adtran 3448 router with VPNs, and I'm looking to replace it with an EdgeRouter Pro. They have 5 local subnets and VLANs, 5 site-to-site VPNs, and about 20-25 "dial-up" VPN users. The "dial-up" users are considered mobile peers, are able to initiate the VPN, and do not require a static IP. They also receive IP addresses from a pool, have their own individual pre-shared keys (I think this is important: if a user gets compromised, they can be cut off without having to change out all of the keys for everyone), and, most critically, the users each have rules that allow or deny them access to certain subnets. For example, User A might need access to 192.168.5.0 but should not access 192.168.6.0, User B might be the opposite, and User C might need access to both.
The most painless configuration would be to duplicate all of the VPNs without having to change the mobile peer configurations, but I don't know if this is even possible.
What are the show stoppers here, and what is the best way to get around them?