Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Isaac_Hamann
Explorer

Having multiple External addresses for IPsec

I have a 4000 series appliance on r77.30 that is our externally facing gateway.

Our ISP is forcing us change all of our public IP addresses (yay me).

We have quite a few IPsec tunnels for vendors, remote locations, etc... 

I'd like to find a way to simultaneously use both the old address and the new one for IPsec so that I can transition the tunnels one-by-one and not update every vendor simultaneously. In time, I could remove the old address entirely.

I have an external interface configured with the new address and it is able to ping externally.

Here's a breakdown:

1.1.1.1 - current address for IPsec

2.2.2.2 - new address that will be for IPsec

Tunnel 1- vendor ABC

Tunnel 2- vendor XYZ

Current setup-

Tunnels 1 and 2 are pointed at 1.1.1.1

Desired setup- 

Tunnel 1 -> pointed at 1.1.1.1

Tunnel 2 -> pointed at 2.2.2.2

Both tunnels running simultaneously without interruption.

This is a live environment so the lower the impact, the better.

Any advice is appreciated...

Thanks! 

0 Kudos
6 Replies
This widget could not be displayed.