topic Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel in General Topics

Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

louey11 — Wed, 10 Jun 2020 13:50:56 GMT

Hello everyone,

I am working on a project to deploy a Cluster of two Palo Alto VM's on Azure. While designing the solution with an internal and external Loadbalancer (you can see the picture in my post) i don't know if i need to configure Public IP address in both Firewall's external interfaces to handle a source NAT for internal resources and also a destination NAT or just put a public IP address in the external loadbalancer only.

We need VPN IPSEC tunnels in the external interfaces, Public IP adresses have to be configured directly on the Firewall in this case? if no (only in external loadbalancer), in the VPN configuration the Peer IP address should be the loadbalancer Public IP address ?

Thank you in advance,

Louey

Re: Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

reaper — Mon, 18 Sep 2023 13:57:02 GMT

You can enable NAT traversal and use internal IPs on the firewall, you can then use FQDN or userFQDN as local identification

the remote peer will need to use the load balancer public IP (or can even have dynamic)

Re: Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

BilalMohd — Mon, 04 Sep 2023 17:46:02 GMT

@reaper any documents which can help me in configuring ipsec vpn tunnels on these palo alto vm-series firewalls configured in HA (Active/Passive) in Azure. @louey11 any luck on this, were you able to configure IPSEC vpn tunnels?