Thursday, January 24, 2019

Migrating to new firewall

We currently have 2 Cisco firewalls, which we are about to replace with one newer one.

Firewall A is for general use and Firewall B is for VPNs to remote sites.

Firewalls A & B each have an internet-facing interface, both of which are on the same network. These then connect to the ISP's onsite router, which we have no console access to.

The issue we're having is we can't move both of these internet interfaces onto the new firewall as you can't have 2 interfaces on the same network, on the same firewall.

We have 30+ worldwide remote VPN sites, so manually configuring all of these to a new VPN endpoint isn't really an option, as we can't guarantee that these sites will be 'online' during the migration.

Also, getting the ISP to make changes (routing etc.) has (from previous experience) taken far too long to be another viable option.

Any ideas? Hopefully there's something easy and obvious I've missed.

Thanks


