Production BM3.0 on NW5.0, I want to replace it with BM3.7 on NW6.0,
new machine, not an upgrade. I use dynamic NAT, packet-filtering,
VPN. 3 interfaces (private, internet, DMZ), both servers configured
on the same 3 IP subnets. BM3.7 server is set up, filters configured.
It's plugged into the private network, its other 2 interfaces are
plugged into their own isolated hubs so far while I prepare. Can I
configure VPN with new server as a Master Server, on a unique network
address, and not worry the new and old might conflict across the
private subnet? Or in Directory Services (it's Master and clients, no
Slaves)? When I cut over, I've read that I can add old server's 3 IP
addresses as Secondary IP addresses on the new server and cutover
should be transparent to the rest of the world. Is that right? It
sounds too simple. Dynamically-NATted clients on private network must
find new server's private interface as default gateway rather than old
server. Public-addressed servers on DMZ (smtp, http, https, ftp) must
find new server's DMZ interface as default gateway. VPN clients must
find new server's public interface rather than the old. The rest of
the Internet (including my internet router) must find DMZ servers and
respond to private clients via new server rather than old. Will
Secondary IP Addresses do all those things? Is this plausible? Any
big snags to look out for?