Is there a reason to have IPs on terminating sides of a VPN tunnel when connecting, say, 2 remote offices?
There is an option to have and an option not to have. Advantages and disadvantages of both options?

10.1.x.x <-> (vpn1 router) (IP need?) <-tunnel-> (IP need?) (vpn2 router) <-> 10.2.x.x
Alex

1 Answer

This can vary.

It will depend on what you need to do with said tunnel and what devices are doing the IPsec. For instance, on a Juniper JUNOS based firewall, you can get away without it and just use next hop tunnel binding to get the data there (a static route, basically) by pointing the next hop as the tunnel interface. However, if you want to run a routing protocol like OSPF over the same link, then the tunnel needs an IP address.

This can also have an impact on interoperability. I don't use tunnel addresses between a Juniper SRX and a Sonicwall, or between a Juniper NetScreen and a Cisco ASA. All circumstantial.

SpacemanSpiff
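The two options from the answer above, sketched as Junos `set` commands for the vpn1 router. This is an added example, not part of the original answer. It assumes an IPsec VPN named `to-office2` is already defined with its IKE gateway, that 10.2.x.x is a /16, and that the zone name `vpn` and the 192.0.2.0/30 tunnel addresses are placeholders.

```junos
# Option A: unnumbered tunnel interface.
# st0.0 carries no address; a static route sends the remote office's
# prefix into the tunnel by naming the interface as next hop.
set interfaces st0 unit 0 family inet
set security ipsec vpn to-office2 bind-interface st0.0
set security zones security-zone vpn interfaces st0.0
set routing-options static route 10.2.0.0/16 next-hop st0.0

# Option B: numbered tunnel interface, for running OSPF over the link.
# Each side gets one address from a small transfer subnet
# (vpn2 router would use 192.0.2.2/30 in this sketch).
set interfaces st0 unit 0 family inet address 192.0.2.1/30
set security ipsec vpn to-office2 bind-interface st0.0
# OSPF packets terminate on the firewall itself, so the zone must
# accept them as host-inbound traffic on the tunnel interface.
set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols ospf
set protocols ospf area 0.0.0.0 interface st0.0
```

With option B the tunnel addresses also give each side something to ping or monitor across the tunnel; with option A the only addressing to plan is the two office prefixes themselves.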