AnsweredAssumed Answered

Having multiple External addresses for IPsec 

Question asked by Isaac Hamann on Jul 13, 2018
Latest reply on Jul 14, 2018 by Valeri Loukine

I have a 4000 series appliance on r77.30 that is our externally facing gateway.

Our ISP is forcing us change all of our public IP addresses (yay me).

 

We have quite a few IPsec tunnels for vendors, remote locations, etc... 

I'd like to find a way to simultaneously use both the old address and the new one for IPsec so that I can transition the tunnels one-by-one and not update every vendor simultaneously. In time, I could remove the old address entirely.

I have an external interface configured with the new address and it is able to ping externally.

 

Here's a breakdown:

1.1.1.1 - current address for IPsec

2.2.2.2 - new address that will be for IPsec

 

Tunnel 1- vendor ABC

Tunnel 2- vendor XYZ

 

Current setup-

Tunnels 1 and 2 are pointed at 1.1.1.1

 

Desired setup- 

Tunnel 1 -> pointed at 1.1.1.1

Tunnel 2 -> pointed at 2.2.2.2

 

Both tunnels running simultaneously without interruption.

This is a live environment so the lower the impact, the better.

 

Any advice is appreciated...

Thanks! 

Outcomes