Having multiple External addresses for IPsec 

Question asked by Isaac Hamann on Jul 13, 2018
I have a 4000 series appliance on R77.30 that is our externally facing gateway.

Our ISP is forcing us to change all of our public IP addresses (yay me).


We have quite a few IPsec tunnels for vendors, remote locations, etc... 

I'd like to find a way to simultaneously use both the old address and the new one for IPsec so that I can transition the tunnels one-by-one and not update every vendor simultaneously. In time, I could remove the old address entirely.

I have an external interface configured with the new address and it is able to ping externally.


Here's a breakdown: - current address for IPsec - new address that will be for IPsec


Tunnel 1- vendor ABC

Tunnel 2- vendor XYZ


Current setup-

Tunnels 1 and 2 are pointed at


Desired setup- 

Tunnel 1 -> pointed at

Tunnel 2 -> pointed at


Both tunnels running simultaneously without interruption.

This is a live environment so the lower the impact, the better.


Any advice is appreciated...