I have a 4000 series appliance on r77.30 that is our externally facing gateway.
Our ISP is forcing us change all of our public IP addresses (yay me).
We have quite a few IPsec tunnels for vendors, remote locations, etc...
I'd like to find a way to simultaneously use both the old address and the new one for IPsec so that I can transition the tunnels one-by-one and not update every vendor simultaneously. In time, I could remove the old address entirely.
I have an external interface configured with the new address and it is able to ping externally.
Here's a breakdown:
22.214.171.124 - current address for IPsec
126.96.36.199 - new address that will be for IPsec
Tunnel 1- vendor ABC
Tunnel 2- vendor XYZ
Tunnels 1 and 2 are pointed at 188.8.131.52
Tunnel 1 -> pointed at 184.108.40.206
Tunnel 2 -> pointed at 220.127.116.11
Both tunnels running simultaneously without interruption.
This is a live environment so the lower the impact, the better.
Any advice is appreciated...