You can do this through authorized_keys.
Set up a special user, his ~/.ssh/authorized_keys add the keys of all customers.
Next to each key, you can specify additional ssh options, including a command parameter that forces a command authorization for this key, the command make start your local ssh session.
The result is something like:
command="ssh 10.0.1.1" ssh-rsa AAA...A+p1 client1
command="ssh 10.0.1.2" ssh-rsa AAA...A+p1 client2
Then all clients just connect to the main server on its usual port.
With the authorization of inner devices, possible options, such as private keys to authorize them to lay out on the primary server and specify using the-i option in the command.