I have a 4000 series appliance on R77.30 that is our externally facing gateway.
Our ISP is forcing us to change all of our public IP addresses (yay me).
We have quite a few IPsec tunnels for vendors, remote locations, etc.
I'd like to find a way to simultaneously use both the old address and the new one for IPsec so that I can transition the tunnels one-by-one and not update every vendor simultaneously. In time, I could remove the old address entirely.
I have an external interface configured with the new address and it is able to ping externally.
Here's a breakdown:
220.127.116.11 - current address for IPsec
18.104.22.168 - new address that will be for IPsec
Tunnel 1 - vendor ABC
Tunnel 2 - vendor XYZ
Tunnels 1 and 2 are pointed at 22.214.171.124
Tunnel 1 -> pointed at 126.96.36.199
Tunnel 2 -> pointed at 188.8.131.52
Both tunnels running simultaneously without interruption.
This is a live environment so the lower the impact, the better.
Any advice is appreciated...