Adding 2 public IPs to SRX220h causes the site-site VPN go down
Here is the scenario. We have site1 with SRX220h and site2 with SSG5 routers. Both are connected using policy based IPSec vpn with preshared keys. We also have static NATs and related policies to map public to private IP addresses.
We currently have 10 block ip addresses(say 10.5.1.1-10) from our ISP at site1 and SRX220h's ge/0.0(public/untrust interface) is assigned to one IP(10.5.1.1) address from the block. We recently bought another 10 block of IP addresses(say 184.108.40.206-10). The ISP has assigned the new block to same network.
2 scenarios are playing out here
1. When I add 220.127.116.11 to SRX220h's ge/0.0 interface I am able to static NAT the remaining IPs to private IP addresses, BUT THE SITE-SITE VPN between site1 and 2 does not work
2. If I do not add the 18.104.22.168 to ge/0.0, VPN works fine, but STATIC NAT will not work.
I am looking for a solution where both site to site VPN is up and static NATs are mapped properly.