Can I have two CENTER gateways with the SAME (vpn) IP in a STAR COMMUNITY?

I'd love it if someone could save me the time this would take to lab!  And if it doesn't work, it's a feature request please!

My customer is adding a DR site that will be a complete BGP failover - lots of identical addressing. Firewall management ports are unique though, so we have a unique FW object for each site, all nicely working.  They are NOT a cluster, but they run the same policy, and the live site will be the one seeing the LAN and WAN networks as BGP hands them to it.

However, for public internet access, in order to make this work without a lot of stress with VPN partners, the DR site gateway should have a duplicate address on its internet interface (only).  So:

  • Mostly unique addressing, but external IP is a duplicate
  • Only one GW effectively active at a time, whichever is receiving BGP routes etc
  • They are not clustered, but they run the same policy and protect the same encryption domain
  • They are primary and secondary (prioritized list) center gateways in a star community running MEP
  • Center gateways are not meshed (obviously).  There is an internal MPLS.
  • Gateways have the public IP defined as the VPN address in Link Selection
  • Connections to third-party satellite gateways in this scenario use shared keys

Does this work?  Are there any issues with the address being identical?


0 Kudos
2 Replies

Just to be clear, the Main IP for these two gateways is different, but the Link Selection IP is the same for both?
I know having two (interoperable) gateways with the same IP is not supported, but not exactly sure about the same Link Selection IP. 

0 Kudos

I do not think this is possible. 

0 Kudos