topic Re: ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) in Panorama Discussions https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576301#M2129 <P>Hello,</P> <P>Is a watchguard a route based or zone based firewall? Palo Alto is route based.</P> <P>Regards,</P> Tue, 06 Feb 2024 18:05:31 GMT OtakarKlier 2024-02-06T18:05:31Z ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576113#M2119 <P><SPAN><SPAN class="ui-provider fx byc ceg cer ces cet ceu cev cew cex cey cez cfa cfb cfc cfd cfe cff cfg cfh cfi cfj cfk cfl cfm cfn cfo cfp cfq cfr cfs cft cfu cfv cfw">for a client, i created these many tunnel interfaces for each of their sites. Now, for all these sites, they have 2-3 public ip addresses(for failover purposes). So, will i have to create new tunnel interfaces or should I just create new Ike gateways and ipsec tunnels and point them to the tunnels which I created earlier(shown on the screenshot below)? Please help</SPAN></SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="msdphi_0-1707168908909.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57359iBF77108C05E4BEE3/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="msdphi_0-1707168908909.png" alt="msdphi_0-1707168908909.png" /></span></P> <P>&nbsp;</P> Mon, 05 Feb 2024 21:35:40 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576113#M2119 msdphi 2024-02-05T21:35:40Z Re: ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576116#M2120 <P>Hello,</P> <P>I think your answer would depend on how you plan to use the tunnel interfaces. You can assign multiple IP's to a singe interface. However for me, I use the interfaces for OSPF routing and to see if the tunnel is up, via 3rd party monitoring since the tunnels connect via different providers.</P> <P>Regards,</P> Mon, 05 Feb 2024 22:46:12 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576116#M2120 OtakarKlier 2024-02-05T22:46:12Z Re: ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576299#M2128 <P>I want to know how to configure policy based site to site VPN from our Palo Alto to a site which has a watchguard firewall and has 3 public ip addresses(used for failover).</P> Tue, 06 Feb 2024 17:51:58 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576299#M2128 msdphi 2024-02-06T17:51:58Z Re: ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576301#M2129 <P>Hello,</P> <P>Is a watchguard a route based or zone based firewall? Palo Alto is route based.</P> <P>Regards,</P> Tue, 06 Feb 2024 18:05:31 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576301#M2129 OtakarKlier 2024-02-06T18:05:31Z Re: ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576306#M2130 <P>I am not sure about that. That is on the client's side.</P> Tue, 06 Feb 2024 18:28:03 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576306#M2130 msdphi 2024-02-06T18:28:03Z Re: ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576307#M2131 <P>I am just configuring on panorama. I have already configured VPN to their primary public IP. I am not sure if I can point the same tunnel to the newly created ike gateways and ipsec tunnels for their branch sites.&nbsp;</P> Tue, 06 Feb 2024 18:32:26 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576307#M2131 msdphi 2024-02-06T18:32:26Z Re: ikev2 site to site VPN to sites with multiple public ip addresses(used for failover) https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576309#M2132 <P>Hello,</P> <P>You should be able to, however make sure your routing is set so that its not going to use multiple tunnels unless you are using ECMP.</P> <P>Regards,</P> Tue, 06 Feb 2024 18:37:29 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ikev2-site-to-site-vpn-to-sites-with-multiple-public-ip/m-p/576309#M2132 OtakarKlier 2024-02-06T18:37:29Z