Hi Airheads,
We're running a deployment with 2 x Masters with VRRP redundancy and 2 Local controllers.
We need to move the Master controllers to a different subnet, so wondering what implications there are to doing this. In addition we were planning to use the factory cert for IPSec rather than a pre-shared key.
Is it as simple as the following?
- Create new VLAN interface on Master controllers
- Re-configure VRRP / Master redundancy using new interfaces / addressing
- Change Master IP address / authentication method on each Local controller
Are any reboots required on either Masters or Locals?
It also happens that the Masters will live behind a firewall going forwards, is it sufficient to add the appropriate IKE, UDP-4500, ESP services from Local to Masters only or are bi-directional rules required?