There is a need to know if there can be multiple IPsec tunnels with the same egress IP connected to different Web Security Service (WSS) data-centers.  This for the purpose of having a failover ready for the IPsec tunnel currently serving as the primary access method (Firewall/VPN).

An IPsec tunnel to another WSS data-center can be set up as a failover with the same egress IP as another IPsec tunnel.  However, the failover tunnel cannot be active at the same time as the primary IPsec tunnel (this will cause an outage).

To address current outages or other issues, see the links to articles below:

• Mandatory Data to Gather After a Network Related Outage for IPSEC
• Mandatory Data to Gather During a Network Related Outage for IPSEC

Here are some other resources regarding failover and other IPSec issues tunnels:

• IPSec failover setup for Cisco ASA
• IPsec Tunnel Failures