Is the cluster currently managed by the same management as the VSX cluster?
Will there be a 1 on 1 Cluster to VS migration? So all interfaces and VIP's will be reused on the VS?
If so that simplifies things, there are number of ways to do things, what I would do in that case:
- make sure the vlan's used on the physical cluster members are not allowed on the ports to the VSX cluster.
- add a new VS that takes over a part of the cluster and give it the correct interfaces and IP's
- add the VS to the VPN community in the same place as where the old cluster was, in a star the center gateway
At the moment of migration
- just disable the switch ports of the old cluster and allow the VLAN's to the new VS
- in the VPN community remove the old cluster from the gateways list - the PSK will remain and when your external IP is still the same (moved from cluster to VS) the VPN should restore on the VS.
- push Policy
Hope this gives you an idea on how to proceed.
Regards, Maarten