I have a 4000 series appliance on R77.30 that is our externally facing gateway.
Our ISP is forcing us to change all of our public IP addresses (yay me).
We have quite a few IPsec tunnels for vendors, remote locations, etc...
I'd like to find a way to simultaneously use both the old address and the new one for IPsec so that I can transition the tunnels one-by-one and not update every vendor simultaneously. In time, I could remove the old address entirely.
I have an external interface configured with the new address and it is able to ping externally.
Here's a breakdown:
1.1.1.1 - current address for IPsec
2.2.2.2 - new address that will be for IPsec
Tunnel 1 - vendor ABC
Tunnel 2 - vendor XYZ
Current setup:
Tunnels 1 and 2 are pointed at 1.1.1.1
Desired setup:
Tunnel 1 -> pointed at 1.1.1.1
Tunnel 2 -> pointed at 2.2.2.2
Both tunnels running simultaneously without interruption.
This is a live environment so the lower the impact, the better.
Any advice is appreciated...
Thanks!