Create a Post
Showing results for 
Search instead for 
Did you mean: 

Having multiple External addresses for IPsec

I have a 4000 series appliance on r77.30 that is our externally facing gateway.

Our ISP is forcing us change all of our public IP addresses (yay me).

We have quite a few IPsec tunnels for vendors, remote locations, etc... 

I'd like to find a way to simultaneously use both the old address and the new one for IPsec so that I can transition the tunnels one-by-one and not update every vendor simultaneously. In time, I could remove the old address entirely.

I have an external interface configured with the new address and it is able to ping externally.

Here's a breakdown: - current address for IPsec - new address that will be for IPsec

Tunnel 1- vendor ABC

Tunnel 2- vendor XYZ

Current setup-

Tunnels 1 and 2 are pointed at

Desired setup- 

Tunnel 1 -> pointed at

Tunnel 2 -> pointed at

Both tunnels running simultaneously without interruption.

This is a live environment so the lower the impact, the better.

Any advice is appreciated...


0 Kudos
6 Replies
This widget could not be displayed.