This change is not happening now. This message is simply to give advance notice in order to give you time to change your firewall rules if necessary.
The current VPN Service is provided by a single server with IP address 220.127.116.11 .
The servers of the new VPN Service will have IP addresses from the 18.104.22.168/28 netblock.
The new Service will be provided by a cluster of servers in order to provide server redundancy. Because of the way in which Cisco ASA clusters work, all the cluster’s members’ IP addresses need to be accessible rather than just a single “master” address. Since firewall administrators who have 22.214.171.124 in their ruleset will have to change it, we’ve taken the opportunity to give the VPN servers their own small netblock so that any future changes won’t require further ruleset editing.
When connecting to the cluster, VPN clients first connect to the IP address of vpn.ox.ac.uk which is known as the Virtual Cluster Master (VCM). The VCM then gives the VPN client the IP address of the cluster member that it should use. The VPN client now makes a new connection directly to the cluster member to which it has been assigned.