https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/144903#M20 <P><SPAN>Hi Experts,</SPAN></P><DIV>&nbsp; &nbsp; Trying to &nbsp;setup Palo Alto VM series in Microsoft Azure ( 3 interface Mgmt ,Trust and Untrust) and &nbsp;only public ip is assigned to Management interface .<BR /><DIV>&nbsp;</DIV><DIV>In order to create the Site to Site VPN ipsec b/w Cisco ASAv and Pao Alto Fw the only interface available is Mgmt which has public ip but the Palo Alto Gui is not allowing me to use Mgmt interface as local IP or source interface .</DIV><DIV>&nbsp;</DIV><DIV>And if i try to assign public ip to any other interface of Palo Alto then Azure is giving an error mentioned below.</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV><IMG src="https://ip1.i.lithium.com/431e9004783da1dbef80260d8a4958ed565cd2ca/68747470733a2f2f6d61696c2e676f6f676c652e636f6d2f6d61696c2f752f302f3f75693d3226696b3d6439376430643061373326766965773d66696d672674683d313561373731633262666438346137342661747469643d302e3126646973703d656d62267265616c61747469643d69695f31356137373135383164373034323436266174746269643d414e476a644a396965374d54796b4f754654635076754d395656594239795533302d4a376d71426e316746557538615a4271754168643442385f486c5177796d72465f7571383558487372596f42783154725970743244477a623536345f626467754d76366331555f77326d536e4172666a72466c435374794d444d4e623026737a3d77313038382d68353736266174733d3134383830353732383332353826726d3d31356137373163326266643834613734267a7726617473683d31" border="0" alt="Inline image 1" width="544" height="288" /></DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>Just want to understand how we can create site to site ipsec vpn on Palo Alto with single public ip on Mgmt interface , as the same setup is working perfect on ASAv and we can use Mgmt interface as source in ASAv.</DIV><DIV>&nbsp;</DIV><DIV>I can share the setup if someone wants to take a look.</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV><P><SPAN>wanclouds@panvwanclouds&gt; show config running&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>config {</SPAN></P><P><SPAN>&nbsp; mgt-config {</SPAN></P><P><SPAN>&nbsp; &nbsp; users {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; admin {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; phash *;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; permissions {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; role-based {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; superuser yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; wanclouds {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; phash $1$buaddxeg$F9xAm862FkTC869HKCU1e1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; permissions {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; role-based {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; superuser yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; }</SPAN></P><P><SPAN>&nbsp; shared {</SPAN></P><P><SPAN>&nbsp; &nbsp; application;</SPAN></P><P><SPAN>&nbsp; &nbsp; application-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; service;</SPAN></P><P><SPAN>&nbsp; &nbsp; service-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; botnet {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; configuration {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; http {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dynamic-dns {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; malware-sites {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; recent-domains {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-domains {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; executables-from-unknown-sites {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; other-applications {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; irc yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; unknown-applications {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unknown-tcp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destinations-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sessions-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; session-length {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; maximum-bytes 100;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; minimum-bytes 50;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unknown-udp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destinations-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sessions-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; session-length {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; maximum-bytes 100;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; minimum-bytes 50;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; report {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; topn 100;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; scheduled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; }</SPAN></P><P><SPAN>&nbsp; devices {</SPAN></P><P><SPAN>&nbsp; &nbsp; localhost.localdomain {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; interface {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ethernet {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ethernet1/1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipv6 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; neighbor-discovery {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; router-advertisement {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ndp-proxy {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<A href="http://10.0.1.4/24" target="_blank">10.0.1.4/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lldp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ethernet1/2 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipv6 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; neighbor-discovery {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; router-advertisement {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ndp-proxy {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lldp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<A href="http://10.0.2.4/24" target="_blank">10.0.2.4/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; units {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel.1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; comment ipsec-s-s;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; monitor-profile {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interval 3;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; action wait-recover;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; ike {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption [ 3des aes-128-cbc];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hash sha1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group2;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 8;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-128 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-128-cbc;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hash sha256;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group19;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 8;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-256 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-256-cbc;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hash sha384;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group20;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 8;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipsec-crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; esp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption [ 3des aes-128-cbc];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication sha1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group2;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-128 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; esp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-128-gcm;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication none;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group19;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-256 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; esp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-256-gcm;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication none;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group20;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; global-protect-app-crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-128-cbc;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication sha1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; gateway {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-peer-csr {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pre-shared-key {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; key -AQ==KUGt+eZobgDsoMJzqj4Pf48NH0w=SFAlEHCj9+AttIUAYLgRUA==;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ikev1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dpd {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ikev2 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dpd {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol-common {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; nat-traversal {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; fragmentation {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local-address {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface ethernet1/1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip&nbsp;<A href="http://10.0.1.4/24" target="_blank">10.0.1.4/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; peer-address {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip 52.34.x.x;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local-id {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; id 10.0.0.4;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type ipaddr;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; peer-id {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; id 172.31.16.49;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type ipaddr;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; qos {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; profile {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority real-time;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class2 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority high;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class3 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority high;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class4 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority medium;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class5 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority medium;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class6 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority low;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class7 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority low;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class8 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority low;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; virtual-router {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; bgp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dampening-profile {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; cutoff 1.25;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; reuse 0.5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; max-hold-time 900;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; decay-half-life-reachable 300;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; decay-half-life-unreachable 900;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; routing-options {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; graceful-restart {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ecmp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; algorithm {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-modulo;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface [ ethernet1/1 ethernet1/2 tunnel.1];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; routing-table {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; static-route {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CSR-AWS-SYED {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; path-monitor {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; failure-condition any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hold-time 2;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; bfd {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; profile None;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface tunnel.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; metric 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destination&nbsp;<A href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; route-table {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unicast;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; tunnel {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipsec {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipsec-tunnel-1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; auto-key {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-gateway {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-peer-csr;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy-id {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local-remote-subnet {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local&nbsp;<A href="http://10.0.2.0/24" target="_blank">10.0.2.0/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; remote&nbsp;<A href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel-monitor {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel-interface tunnel.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; deviceconfig {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; system {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dhcp-client {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-hostname yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-client-id no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-hostname no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-domain no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; update-server&nbsp;<A href="http://updates.paloaltonetworks.com/" target="_blank">updates.paloaltonetworks.com</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; update-schedule {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threats {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; recurring {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; weekly {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; day-of-week wednesday;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; at 01:02;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; action download-only;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; timezone US/Pacific;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; disable-telnet yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; disable-http yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-address 10.0.0.4;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hostname panvwanclouds;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; netmask 255.255.255.0;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default-gateway 10.0.0.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dns-setting {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; servers {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; primary 168.63.129.16;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; setting {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; config {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rematch yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; management {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hostname-type-in-syslog FQDN;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; initcfg {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dhcp-client {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-hostname yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-client-id no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-hostname no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-domain no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-address 10.0.0.4;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; netmask 255.255.255.0;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default-gateway 10.0.0.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dns-primary 168.63.129.16;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; username wanclouds;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hostname panvwanclouds;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; vsys {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; vsys1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; application;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; application-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; zone {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; untrust {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3 [ ethernet1/2 tunnel.1 ethernet1/1];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; trust {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; schedule;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rulebase {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; nat {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rules;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; security {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rules {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ANY {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; to any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; from any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; source any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destination any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; source-user any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; category any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; application any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service application-default;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hip-profiles any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; action allow;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; import {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface [ ethernet1/1 ethernet1/2 tunnel.1];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; }</SPAN></P><P><SPAN>}</SPAN></P><P>&nbsp;</P><P><SPAN>wanclouds@panvwanclouds&gt;&nbsp;</SPAN></P></DIV></DIV> Sat, 25 Feb 2017 21:16:33 GMT faizullah 2017-02-25T21:16:33Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/144903#M20 <P><SPAN>Hi Experts,</SPAN></P><DIV>&nbsp; &nbsp; Trying to &nbsp;setup Palo Alto VM series in Microsoft Azure ( 3 interface Mgmt ,Trust and Untrust) and &nbsp;only public ip is assigned to Management interface .<BR /><DIV>&nbsp;</DIV><DIV>In order to create the Site to Site VPN ipsec b/w Cisco ASAv and Pao Alto Fw the only interface available is Mgmt which has public ip but the Palo Alto Gui is not allowing me to use Mgmt interface as local IP or source interface .</DIV><DIV>&nbsp;</DIV><DIV>And if i try to assign public ip to any other interface of Palo Alto then Azure is giving an error mentioned below.</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV><IMG src="https://ip1.i.lithium.com/431e9004783da1dbef80260d8a4958ed565cd2ca/68747470733a2f2f6d61696c2e676f6f676c652e636f6d2f6d61696c2f752f302f3f75693d3226696b3d6439376430643061373326766965773d66696d672674683d313561373731633262666438346137342661747469643d302e3126646973703d656d62267265616c61747469643d69695f31356137373135383164373034323436266174746269643d414e476a644a396965374d54796b4f754654635076754d395656594239795533302d4a376d71426e316746557538615a4271754168643442385f486c5177796d72465f7571383558487372596f42783154725970743244477a623536345f626467754d76366331555f77326d536e4172666a72466c435374794d444d4e623026737a3d77313038382d68353736266174733d3134383830353732383332353826726d3d31356137373163326266643834613734267a7726617473683d31" border="0" alt="Inline image 1" width="544" height="288" /></DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>Just want to understand how we can create site to site ipsec vpn on Palo Alto with single public ip on Mgmt interface , as the same setup is working perfect on ASAv and we can use Mgmt interface as source in ASAv.</DIV><DIV>&nbsp;</DIV><DIV>I can share the setup if someone wants to take a look.</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV><P><SPAN>wanclouds@panvwanclouds&gt; show config running&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>config {</SPAN></P><P><SPAN>&nbsp; mgt-config {</SPAN></P><P><SPAN>&nbsp; &nbsp; users {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; admin {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; phash *;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; permissions {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; role-based {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; superuser yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; wanclouds {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; phash $1$buaddxeg$F9xAm862FkTC869HKCU1e1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; permissions {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; role-based {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; superuser yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; }</SPAN></P><P><SPAN>&nbsp; shared {</SPAN></P><P><SPAN>&nbsp; &nbsp; application;</SPAN></P><P><SPAN>&nbsp; &nbsp; application-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; service;</SPAN></P><P><SPAN>&nbsp; &nbsp; service-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; botnet {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; configuration {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; http {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dynamic-dns {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; malware-sites {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; recent-domains {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-domains {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; executables-from-unknown-sites {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; other-applications {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; irc yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; unknown-applications {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unknown-tcp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destinations-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sessions-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; session-length {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; maximum-bytes 100;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; minimum-bytes 50;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unknown-udp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destinations-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sessions-per-hour 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; session-length {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; maximum-bytes 100;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; minimum-bytes 50;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; report {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; topn 100;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; scheduled yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; }</SPAN></P><P><SPAN>&nbsp; devices {</SPAN></P><P><SPAN>&nbsp; &nbsp; localhost.localdomain {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; interface {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ethernet {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ethernet1/1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipv6 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; neighbor-discovery {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; router-advertisement {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ndp-proxy {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<A href="http://10.0.1.4/24" target="_blank">10.0.1.4/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lldp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ethernet1/2 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipv6 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; neighbor-discovery {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; router-advertisement {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ndp-proxy {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enabled no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lldp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<A href="http://10.0.2.4/24" target="_blank">10.0.2.4/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; units {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel.1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; comment ipsec-s-s;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; monitor-profile {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interval 3;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threshold 5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; action wait-recover;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; ike {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption [ 3des aes-128-cbc];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hash sha1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group2;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 8;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-128 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-128-cbc;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hash sha256;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group19;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 8;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-256 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-256-cbc;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hash sha384;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group20;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 8;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipsec-crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; esp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption [ 3des aes-128-cbc];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication sha1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group2;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-128 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; esp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-128-gcm;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication none;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group19;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Suite-B-GCM-256 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; esp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-256-gcm;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication none;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh-group group20;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; lifetime {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hours 1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; global-protect-app-crypto-profiles {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; encryption aes-128-cbc;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication sha1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; gateway {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-peer-csr {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; authentication {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pre-shared-key {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; key -AQ==KUGt+eZobgDsoMJzqj4Pf48NH0w=SFAlEHCj9+AttIUAYLgRUA==;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ikev1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dpd {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ikev2 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dpd {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol-common {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; nat-traversal {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; fragmentation {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local-address {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface ethernet1/1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip&nbsp;<A href="http://10.0.1.4/24" target="_blank">10.0.1.4/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; peer-address {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip 52.34.x.x;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local-id {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; id 10.0.0.4;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type ipaddr;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; peer-id {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; id 172.31.16.49;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type ipaddr;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; qos {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; profile {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority real-time;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class2 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority high;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class3 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority high;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class4 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority medium;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class5 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority medium;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class6 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority low;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class7 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority low;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; class8 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; priority low;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; virtual-router {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; bgp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dampening-profile {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; cutoff 1.25;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; reuse 0.5;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; max-hold-time 900;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; decay-half-life-reachable 300;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; decay-half-life-unreachable 900;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; routing-options {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; graceful-restart {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ecmp {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; algorithm {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-modulo;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface [ ethernet1/1 ethernet1/2 tunnel.1];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; routing-table {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; static-route {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CSR-AWS-SYED {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; path-monitor {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; failure-condition any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hold-time 2;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; bfd {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; profile None;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface tunnel.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; metric 10;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destination&nbsp;<A href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; route-table {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unicast;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; tunnel {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipsec {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ipsec-tunnel-1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; auto-key {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-gateway {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ike-peer-csr;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy-id {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local-remote-subnet {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; protocol {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; local&nbsp;<A href="http://10.0.2.0/24" target="_blank">10.0.2.0/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; remote&nbsp;<A href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel-monitor {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; enable no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tunnel-interface tunnel.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; deviceconfig {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; system {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dhcp-client {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-hostname yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-client-id no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-hostname no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-domain no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; update-server&nbsp;<A href="http://updates.paloaltonetworks.com/" target="_blank">updates.paloaltonetworks.com</A>;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; update-schedule {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; threats {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; recurring {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; weekly {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; day-of-week wednesday;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; at 01:02;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; action download-only;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; timezone US/Pacific;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; disable-telnet yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; disable-http yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-address 10.0.0.4;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hostname panvwanclouds;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; netmask 255.255.255.0;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default-gateway 10.0.0.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dns-setting {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; servers {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; primary 168.63.129.16;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; setting {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; config {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rematch yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; management {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hostname-type-in-syslog FQDN;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; initcfg {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; type {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dhcp-client {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-hostname yes;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; send-client-id no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-hostname no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; accept-dhcp-domain no;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ip-address 10.0.0.4;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; netmask 255.255.255.0;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; default-gateway 10.0.0.1;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dns-primary 168.63.129.16;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; username wanclouds;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hostname panvwanclouds;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; vsys {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; vsys1 {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; application;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; application-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; zone {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; untrust {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3 [ ethernet1/2 tunnel.1 ethernet1/1];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; trust {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; layer3;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service-group;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; schedule;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rulebase {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; nat {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rules;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; security {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rules {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ANY {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; to any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; from any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; source any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destination any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; source-user any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; category any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; application any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; service application-default;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hip-profiles any;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; action allow;</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; import {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; network {</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; interface [ ethernet1/1 ethernet1/2 tunnel.1];</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; &nbsp; }</SPAN></P><P><SPAN>&nbsp; }</SPAN></P><P><SPAN>}</SPAN></P><P>&nbsp;</P><P><SPAN>wanclouds@panvwanclouds&gt;&nbsp;</SPAN></P></DIV></DIV> Sat, 25 Feb 2017 21:16:33 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/144903#M20 faizullah 2017-02-25T21:16:33Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145102#M21 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/57174">@faizullah</a>,</P><P>&nbsp;</P><P>Your image is not uploaded properly. Please, can you repost it again? l am sure we can figure it out</P><P>&nbsp;</P><P>Thx,</P><P>Myky</P> Mon, 27 Feb 2017 17:14:29 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145102#M21 TranceforLife 2017-02-27T17:14:29Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145126#M22 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/7929iA3E00E874EFED5F3/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screen Shot 2017-02-25 at 1.05.13 AM.png" alt="error" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">error</span></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Error while selecting 2nd public ip." style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/7930i2C2A273E406B12F0/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screen Shot 2017-02-25 at 1.05.13 AM.png" alt="Error while selecting 2nd public ip." /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Error while selecting 2nd public ip.</span></span></P> Mon, 27 Feb 2017 19:30:18 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145126#M22 faizullah 2017-02-27T19:30:18Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145127#M23 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/7929iA3E00E874EFED5F3/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screen Shot 2017-02-25 at 1.05.13 AM.png" alt="error" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">error</span></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Error while selecting 2nd public ip." style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/7930i2C2A273E406B12F0/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screen Shot 2017-02-25 at 1.05.13 AM.png" alt="Error while selecting 2nd public ip." /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Error while selecting 2nd public ip.</span></span></P> Mon, 27 Feb 2017 19:30:50 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145127#M23 faizullah 2017-02-27T19:30:50Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145142#M24 <P><SPAN>Thanks MyKy for looking into it please let me know if u need anything else , the only use case i want to understand here how we can configure Site-to-Site IPsec VPN b/w Palo Alto Device hosted in Azure cloud with only public IP on Mgmt Interface with ASAv hosted on Azure or AWS as ASAv honors use of MGMT interface as local address or source interface in S-S ipsec vpn.</SPAN></P><DIV>&nbsp;</DIV><DIV>Regards</DIV><DIV>Syed.</DIV> Mon, 27 Feb 2017 21:38:55 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145142#M24 faizullah 2017-02-27T21:38:55Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145234#M25 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/57174">@faizullah</a>,</P><P>&nbsp;</P><P>As far as l am aware&nbsp;MGMT interface it is purely for the device management out-of-band&nbsp;traffic (getting updates, manage the device etc). To have an S2S VPN you still have to configure policy ( Palo is a zone-based firewall where&nbsp;Cisco ASA is an interface based). Since you cannot add your MGMT interface to the&nbsp;policy think it is not possible in your scenario. However, you still can manage firewall using any other interface with MGMT profiles applied allowing (HTTPS or/ and SSH).</P><P>&nbsp;</P><P>Thx,</P><P>Myky</P> Tue, 28 Feb 2017 09:03:25 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/145234#M25 TranceforLife 2017-02-28T09:03:25Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/146553#M26 <P>If Mgmt interface is only control plane traffic how we can use Palo Alto FW deployed in AWS cloud with single public IP for S-S ipsec VPN tunnel .</P><P>&nbsp;</P><P>I have checked this thread and used Elastic Public to asssociate with eth1 but still not working and is getting stuck in Maintaence mode .</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/AWS-Azure-Discussions/Azure-VM-Series-and-mgmt-interface-swap/m-p/130439#U130439" target="_blank">https://live.paloaltonetworks.com/t5/AWS-Azure-Discussions/Azure-VM-Series-and-mgmt-interface-swap/m-p/130439#U130439</A></P><P>&nbsp;</P><P>&nbsp;</P><P>Will really appreciate if someone can tell me if S-S IPsec vpn possible for PaloALto deployed in AWS with Single IP or not .</P> Tue, 07 Mar 2017 22:28:59 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/146553#M26 faizullah 2017-03-07T22:28:59Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/154271#M44 <P><SPAN>You are going to have to set an unstrust interface to be public facing and terminate the IPsec tunnel there, and then apply a management profile to it. Using the only public IP for your management interface will not work for setting up a tunnel.&nbsp;</SPAN></P> Wed, 26 Apr 2017 18:03:55 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/154271#M44 ChrisRussell 2017-04-26T18:03:55Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/154430#M45 <P>Hello,</P><P>&nbsp;</P><P>Azure announced last month support for multiple public IPs per instance: <A href="https://azure.microsoft.com/en-us/updates/ga-multiple-ips-per-nic/" target="_blank">https://azure.microsoft.com/en-us/updates/ga-multiple-ips-per-nic/</A></P><P>&nbsp;</P><P>You&nbsp;can now assign a public IP to the VM-Series management interface and a separate public IP address to the dataplane and use that second IP to build your IPsec tunnel.</P><P>&nbsp;</P> Thu, 27 Apr 2017 17:12:17 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/site-to-site-vpn-ipsec-b-w-palo-alto-and-cisco-with-only-public/m-p/154430#M45 Warby 2017-04-27T17:12:17Z