https://live.paloaltonetworks.com/t5/general-topics/vpn-w-nat-on-external-ip-in-same-range-as-vpn-ip/m-p/30677#M22459 <HTML><HEAD></HEAD><BODY><P>maybe that title was convoluted but i need some feedback for somethiung i have not done before.</P><P></P><P>setting up a VPN but the other party says they DO NOT allow internal addreses over the VPN to their network; so i cant give them proxy IDs of 192.168.0.0 10.0.0.0 etc... it has to be an internet routable IP.</P><P></P><P>So,,</P><P></P><P>I dont have any proxy IDs</P><P>Im using an external internet routable IP from the same range im using to setup the VPN.</P><P></P><P>eg:</P><P>IP for VPN: <STRONG>5.5.5.5</STRONG></P><P>IP for "interesting traqffic (IP i will send packets with): <STRONG>5.5.5.4</STRONG></P><P></P><P>I will NAT the traffic out 5.5.5.4 while the 5.5.5.5 is used for the VPN tunnel.</P><P></P><P>I tried to use the same IP for both the VPN and the interesting traffic IP but the PA would not let me commit that, thats fine.</P><P></P><P>Is this going to work?</P><P></P><P>I ony have one chance to get this right before there is a change freeze over the holidays.</P><P></P><P></P><P>thanks</P></BODY></HTML> Thu, 12 Dec 2013 19:57:31 GMT choff123 2013-12-12T19:57:31Z https://live.paloaltonetworks.com/t5/general-topics/vpn-w-nat-on-external-ip-in-same-range-as-vpn-ip/m-p/30677#M22459 <HTML><HEAD></HEAD><BODY><P>maybe that title was convoluted but i need some feedback for somethiung i have not done before.</P><P></P><P>setting up a VPN but the other party says they DO NOT allow internal addreses over the VPN to their network; so i cant give them proxy IDs of 192.168.0.0 10.0.0.0 etc... it has to be an internet routable IP.</P><P></P><P>So,,</P><P></P><P>I dont have any proxy IDs</P><P>Im using an external internet routable IP from the same range im using to setup the VPN.</P><P></P><P>eg:</P><P>IP for VPN: <STRONG>5.5.5.5</STRONG></P><P>IP for "interesting traqffic (IP i will send packets with): <STRONG>5.5.5.4</STRONG></P><P></P><P>I will NAT the traffic out 5.5.5.4 while the 5.5.5.5 is used for the VPN tunnel.</P><P></P><P>I tried to use the same IP for both the VPN and the interesting traffic IP but the PA would not let me commit that, thats fine.</P><P></P><P>Is this going to work?</P><P></P><P>I ony have one chance to get this right before there is a change freeze over the holidays.</P><P></P><P></P><P>thanks</P></BODY></HTML> Thu, 12 Dec 2013 19:57:31 GMT https://live.paloaltonetworks.com/t5/general-topics/vpn-w-nat-on-external-ip-in-same-range-as-vpn-ip/m-p/30677#M22459 choff123 2013-12-12T19:57:31Z https://live.paloaltonetworks.com/t5/general-topics/vpn-w-nat-on-external-ip-in-same-range-as-vpn-ip/m-p/30678#M22460 <HTML><HEAD></HEAD><BODY><P>choff123,</P><P></P><P>I just performed a quick lab of your requirement and this requirement would work just fine.</P><P></P><P>There are no special caveats that I needed to put in place to get this working. I only needed to configure a bi-direction NAT for my real private interesting traffic and the NAT'd IP that would go over the tunnel; 5.5.5.4 in your case.</P><P></P><P>Let me know if you run into any problems performing this in your environment.</P><P></P><P>Regards,</P><P>tasonibare</P></BODY></HTML> Thu, 12 Dec 2013 23:13:21 GMT https://live.paloaltonetworks.com/t5/general-topics/vpn-w-nat-on-external-ip-in-same-range-as-vpn-ip/m-p/30678#M22460 tasonibare 2013-12-12T23:13:21Z