cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

NEED TO CHANGE THE IPSEC VPN IP

Hi All,

We are going to change the ISP provider link from BSNL link to Vodofone Link. So We want to change the ISP link IP in IPSEC VPN.

Please help me below queries:

>How to Change the IPSEC VPN IP.

>How much time we need to take as MW to change the configuration.

>What are all the requirement need to change the IP.

Regards,

Virupaksh

0 Kudos
1 Reply
Vladimir
Pearl

Re: NEED TO CHANGE THE IPSEC VPN IP

It partially depends on which IP is assigned as a main Gateway's IP: i.e. if it is the IP used for licensing, you'll have to detach and re-attach the license (if centralized) or re-key the license to the new IP in the User Center.

Keep in mind that if you are using peer to peer VPNs, you'll have to coordinate cut-over to the new IP with them.

There is a good post on this subject at: Change firewall own IP address :

Default Re: Change firewall own IP address

First off all, do you have a spare interface on the gateways? If so it will make it easier to migrate especially for your VPN users.
How to:
  • stage 1
  • setup the free interface with the new IP's of the new provider and connect them to the provider.
  • in dashboard add these interfaces and IP's to the cluster topology, with the cluster interface set to external
  • In the IPSec VPN tab of the cluster go to the Link Selection page, now set the new interface as the main connection point.
  • in the same page go to the Source IP address settings, here change the setting to "IP Address of chosen interface"
  • end stage 1
  • leave this for about a week, the time that most users will at least have connected once?
  • stage 2
  • in dashboard prepare all the NAT changes, make sure that all Inbound IP's are at the changing point changed in DNS? (prepare the DNS cache time to be set low a week before you do this and set it back to normal after a few days after you are done)
  • change the default route on the 2 gateways to point to the new connection
  • end stage 2
  • keep an eye on tracker to see how much traffic is still hitting the old connection/IP's
  • Stage 3
  • disable the interfaces with the old provider.
Done.
Regards, Maarten."
0 Kudos