IPsec Source IP Address Per Tunnel Interface

To deploy the XA1400 Series in an environment that includes more than one provider connection with IPsec, you require a source IP address for each IPsec tunnel.

When you connect to a broadband provider such as cable modem, DSL, or LTE, the only routable IP interface is the one that is assigned by the provider (either through DHCP or statically). As a result, the Internet can only route the assigned subnet. You cannot deploy a routing protocol between the branch device and the provider modem.

When you connect two different providers to a branch device, each provider uses a different subnet. The XA1400 Series must apply a different source IP address for each IPsec tunnel.

The following options are available to configure a specific source IP address for each IPsec tunnel: