Hey all, networking question.... we have a lot of IPSec VPN tunnels to outside vendors, customers, clients, etc.
So the way we have done it is connect our public IP with their public IP and grant permissions to the relevant internal IPs/devices, using PSK (IKEv1 and IKEv2 or something) plus preshared keys for security. I think this is how most people do it?
We are moving to a few new IPs and maybe switch again a few years after that, and obviously every time we switch ISPs we get a new IP address block, and hence we have to reconfigure all the VPNs with all the customers, clients, etc. because of this.
Is there a better way to do this? I know you can buy an IP block from ARIN and move this IP block between ISPs and hence don't have to continue reconfiguring them every time we switch, but they only sell a /24 network and we definitely don't need 128 IPs, and you have to prove you need all of them. The nice thing about this one is that it would also give us the ability to do BGP with an AS # (I think), and be easy to failover between ISPs should one go down and not have to worry about multiple ISP VPN tunnels and such....
I also heard there is a way to configure IPSec VPN tunnels to DNS names or something? Hence if I purchased a cloud DNS name (or an internal one, not sure), say outsidevpn.company.com, I can configure the IPSec VPN tunnels from the outside to this? So if we do switch IPs we don't have to worry about it since all the vendors would simply have the tunnel to outsidevpn.company.com? I don't know how BGP/failover would work, or if we still need IKEv1, IKEv2, etc.
Any suggestions? Thanks
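As an added illustration of the "tunnel to a DNS name" idea raised in the post (this is example configuration written for this page, not the poster's setup and not tied to any particular vendor), here is how one side of such a tunnel could look in strongSwan's swanctl.conf. The peer is named by FQDN rather than IP, and authentication is bound to IKE identities plus a PSK rather than to addresses. The hostnames `outsidevpn.company.com` (from the post), `vpn.vendor-a.example`, the connection name `vendor-a`, the subnets 10.10.0.0/24 and 10.20.0.0/24, and the PSK value are all assumed placeholders.

```conf
# Example swanctl.conf for the vendor side of a site-to-site IKEv2 tunnel.
# Assumption: the company publishes outsidevpn.company.com in DNS and
# updates that record when its ISP (and therefore its public IP) changes.
connections {
    vendor-a {
        version = 2                              # IKEv2 only
        local_addrs  = %any                      # listen on whatever address we have
        remote_addrs = outsidevpn.company.com    # peer by FQDN, resolved at initiation
        proposals = aes256-sha256-x25519         # IKE SA: AES-256, SHA-256 PRF/integrity, X25519 DH
        dpd_delay = 30s                          # detect a dead peer (e.g. after its IP moved)

        local {
            auth = psk
            id = @vpn.vendor-a.example           # FQDN identity, independent of our IP
        }
        remote {
            auth = psk
            id = @outsidevpn.company.com         # the peer must prove this identity with the PSK
        }

        children {
            lan {
                local_ts  = 10.20.0.0/24         # our internal subnet (placeholder)
                remote_ts = 10.10.0.0/24         # their internal subnet (placeholder)
                esp_proposals = aes256gcm16-x25519
                start_action = trap              # bring the tunnel up on matching traffic
                dpd_action = restart             # re-initiate (and re-resolve DNS) if the peer dies
            }
        }
    }
}

secrets {
    ike-vendor-a {
        id-1 = @vpn.vendor-a.example
        id-2 = @outsidevpn.company.com
        secret = "REPLACE-WITH-A-LONG-RANDOM-PSK"  # placeholder; use a unique, high-entropy key per peer
    }
}
```

Two caveats for anyone relying on this pattern. First, DNS only tells the initiator where to send the first packet; it authenticates nothing, so the security of the tunnel rests entirely on the IKE identities and the PSK (or certificates), and the far side must be configured to accept the connection from any source address (`%any` or an updated allow-list) rather than from one pinned IP. Second, the name is re-resolved only when a connection is (re-)initiated, so after an address change the peer's existing IKE SA will time out via DPD and then reconnect to the new address; firewalls and any static routes on either end still need to know about the new block.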