https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/514317#M106780 <P>Nice work!</P> Thu, 08 Sep 2022 19:44:05 GMT OtakarKlier 2022-09-08T19:44:05Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/513970#M106717 <P>Hi</P> <P>&nbsp;</P> <P>I have 2 questions.</P> <P>1. I want to create an IPSec tunnel, using a loopback interface.</P> <P>This removes a dependency on the main interface ip. ie if the loopback ip is :3.4.5.2, and the main internet ip is changed from 3.4.5.1 to 3.4.5.30, this then doesn't impact the IPSec tunnel.</P> <P>&nbsp;</P> <P>After the IPSec tunnel is online.</P> <P>2. I want to NAT the communication from different ip's across several internal subnets to a specific 10.x.x.x/24 subnet as the new "source". This subnet is then used to communicate to Site B's internal subnets. This masks Site A internal subnets and removes additional configuration requirements from Site B, when additional Site A subnets are enabled.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CherieWatts_3-1662410895804.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/43676i2F6CAFA0845D14F8/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="CherieWatts_3-1662410895804.png" alt="CherieWatts_3-1662410895804.png" /></span></P> <P>Can anyone direct me to the pertinent doco to look up how to do my NAT, ie question 2?</P> <P>&nbsp;</P> <P>Doesn't anyone see any major issues with this design?</P> <P>Thanks for any feedback</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 05 Sep 2022 20:55:37 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/513970#M106717 CherieWatts 2022-09-05T20:55:37Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/514092#M106731 <P>Hello,</P> <P>So since the traffic is sourced from site A and you are putting the NAT into site A's firewall. You can use a Source NAT, if you are putting the NAT rules in firewall B, then use a Destination NAT.</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/nat/source-nat-and-destination-nat/source-nat" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/nat/source-nat-and-destination-nat/source-nat</A></P> <P>Hope this helps.</P> Tue, 06 Sep 2022 18:55:28 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/514092#M106731 OtakarKlier 2022-09-06T18:55:28Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/514194#M106760 <P>Hi OtakarKlier,</P> <P>I implemented the site-to-site vpn yesterday and its all working correctly.</P> <P>I am really happy.</P> <P>Thanks</P> <P>Cherie</P> Wed, 07 Sep 2022 21:27:22 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/514194#M106760 CherieWatts 2022-09-07T21:27:22Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/514317#M106780 <P>Nice work!</P> Thu, 08 Sep 2022 19:44:05 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-with-loopback-and-nat/m-p/514317#M106780 OtakarKlier 2022-09-08T19:44:05Z