topic Setup IPSEC Tunnels from Active/Standby pair to Active/Active Pair in AWS in VM-Series in the Public Cloud https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/setup-ipsec-tunnels-from-active-standby-pair-to-active-active/m-p/272365#M626 <P>So, we are in the process of creating a prescence in AWS. We are planning on using a pair of VM-300 series firewalls (jn Active/Active) in a Transit VPC. Our on prem firewall pair (in Active/Standby mode) will connect to the Transit VPC via IPSEC tunnels. The first tunnel will be over a DirectConnect (DX) connection, and the second tunnel will ride over the public internet (in case the DX connection fails). So basically, each firewall will have 2 IPSEC VPN tunnels going to AWS.</P><P>&nbsp;</P><P>While the Transit VPC IPSEC tunnels in Active/Active mode are fine to have different IPSEC tunnels going to them, I am wondering how this will work on the on prem firewalls being as though the tunnel only works on the Active firewall. What would be the best way to make this work?</P> Sat, 22 Jun 2019 00:52:04 GMT Fr4nk4 2019-06-22T00:52:04Z Setup IPSEC Tunnels from Active/Standby pair to Active/Active Pair in AWS https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/setup-ipsec-tunnels-from-active-standby-pair-to-active-active/m-p/272365#M626 <P>So, we are in the process of creating a prescence in AWS. We are planning on using a pair of VM-300 series firewalls (jn Active/Active) in a Transit VPC. Our on prem firewall pair (in Active/Standby mode) will connect to the Transit VPC via IPSEC tunnels. The first tunnel will be over a DirectConnect (DX) connection, and the second tunnel will ride over the public internet (in case the DX connection fails). So basically, each firewall will have 2 IPSEC VPN tunnels going to AWS.</P><P>&nbsp;</P><P>While the Transit VPC IPSEC tunnels in Active/Active mode are fine to have different IPSEC tunnels going to them, I am wondering how this will work on the on prem firewalls being as though the tunnel only works on the Active firewall. What would be the best way to make this work?</P> Sat, 22 Jun 2019 00:52:04 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/setup-ipsec-tunnels-from-active-standby-pair-to-active-active/m-p/272365#M626 Fr4nk4 2019-06-22T00:52:04Z Re: Setup IPSEC Tunnels from Active/Standby pair to Active/Active Pair in AWS https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/setup-ipsec-tunnels-from-active-standby-pair-to-active-active/m-p/272427#M627 <P>VM-series in the Public Cloud only supports Active/Passive High Availability.</P> <P>BGP for Transit VPC is configured in an Active/Standby mode.&nbsp;</P> <P>I just wanted to clarify that before moving forward.&nbsp;</P> <P>&nbsp;</P> <P>Also a key note. Transit VPC the VM-Series is not in an HA configuration. BGP is set to ACtive/Standby but the VM-Series are not HA.&nbsp;</P> Sat, 22 Jun 2019 20:09:44 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/setup-ipsec-tunnels-from-active-standby-pair-to-active-active/m-p/272427#M627 jperry1 2019-06-22T20:09:44Z