Good day everyone.

We currently have a private MPLS network that all of our locations communicate over. Management is privately addressed on a VM, and there are no issues whatsoever. We are going to rip and replace the MPLS circuits this year and move to DIA, so all sites will communicate over an s2s VPN community.

I'm assuming it's a bad practice to have management <-> gateway communicate over a VPN, so I'm thinking of moving management to our DMZ and publicly addressing it. It just happens that the VM host that our management VM is on has arms on both our private network and our DMZ. Is it feasible to add a 2nd interface (DMZ) to management and move clusters over to the public interface one at a time, or should I just rip the bandaid off and follow sk40993 and change the IP on the current interface?

All versions are R81.10.




Personally, even though you can add another IP, I would rip it off and follow the sk itself; it seems like the genuine option, for lack of a better term.


