Hi!
I have an RB1100Dx4 (6.46.4) that has more than 50 site-to-site IPsec tunnels running to other sites.
I use eth1 as WAN and masquerade it out to the internet.
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
Today eth1 gets its IP address dynamically, and I would like to change it to a static IP address.
Is there any way to add a second static WAN IP address on eth2, and let the external users slowly change the IPsec peer IP to our new static address in their MikroTiks at the other sites?
It's hard to find a date and time that fits all the local IT people at the other sites.
All tunnels have a policy that points out our sa-src-address when exported with terse.
/ip ipsec policy add dst-address=172.16.10.0/25 peer=Peer1 sa-dst-address=[other site's IP] sa-src-address=[our dynamic address] src-address=192.168.0.0/24 tunnel=yes
NATing all the traffic from the tunnels into our network.
/ip firewall nat add action=accept chain=srcnat dst-address=172.16.10.0/24 src-address=192.168.0.0/24
Thanks in advance.
Kenny N