https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11879#M8727 <HTML><HEAD></HEAD><BODY><P>Hi All,..</P><P></P><P>We have two clients who have same ip subnets for VPN users ( ex. 192.168.29.0/24). Is it possible to configure PaloAlto to support both VPNs for different source users.&nbsp; </P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VPN1:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Source- 10.66.249.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Destination- 192.168.29.0/24&nbsp;&nbsp;&nbsp;&nbsp; Peer IP-&nbsp; X.X.X.X</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VPN2:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Source- 172.16.1.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Destination- 192.168.29.0/24&nbsp;&nbsp;&nbsp;&nbsp; Peer IP- y.y.y.y</P><P></P><P>Can we use PBF to achieve this.</P><P>Ex. If source is 10.66.249.0/24 and destination is 192.168.29.0/24 then route to tunnel.1</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If source is 172.16.1.0/24 and destination is 192.168.29.0/24 then route to tunnel.2</P><P></P><P>If this works what ip address we needs to assign for each tunnel . Because without ip address to tunnel we can't use PBF.</P><P>Correct me if am wrong.</P><P></P><P>Kindly help,.</P><P></P><P>Regards,</P><P>Gururaj</P></BODY></HTML> Thu, 08 Aug 2013 04:51:26 GMT Gururaj 2013-08-08T04:51:26Z https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11879#M8727 <HTML><HEAD></HEAD><BODY><P>Hi All,..</P><P></P><P>We have two clients who have same ip subnets for VPN users ( ex. 192.168.29.0/24). Is it possible to configure PaloAlto to support both VPNs for different source users.&nbsp; </P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VPN1:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Source- 10.66.249.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Destination- 192.168.29.0/24&nbsp;&nbsp;&nbsp;&nbsp; Peer IP-&nbsp; X.X.X.X</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VPN2:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Source- 172.16.1.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Destination- 192.168.29.0/24&nbsp;&nbsp;&nbsp;&nbsp; Peer IP- y.y.y.y</P><P></P><P>Can we use PBF to achieve this.</P><P>Ex. If source is 10.66.249.0/24 and destination is 192.168.29.0/24 then route to tunnel.1</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If source is 172.16.1.0/24 and destination is 192.168.29.0/24 then route to tunnel.2</P><P></P><P>If this works what ip address we needs to assign for each tunnel . Because without ip address to tunnel we can't use PBF.</P><P>Correct me if am wrong.</P><P></P><P>Kindly help,.</P><P></P><P>Regards,</P><P>Gururaj</P></BODY></HTML> Thu, 08 Aug 2013 04:51:26 GMT https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11879#M8727 Gururaj 2013-08-08T04:51:26Z https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11880#M8728 <HTML><HEAD></HEAD><BODY><P><SPAN class="GingerNoCheckStart"></SPAN>Hi Gururaj,</P><P></P><P>If i understood correctly, above mentioned subnets are belong to private networks right ( end users)..?. But Site to site VPN will establish between&nbsp; gateway to gateway, (between two public IP address).</P><P>So, it will be ok to configure 2 different tunnel and Palo Alto firewall will support the same.</P><P></P><P>Please&nbsp; configure proxy ID for both tunnel. <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P></P><P>Thanks</P><P>Subhankar</P><P><SPAN class="GingerNoCheckEnd"></SPAN></P></BODY></HTML> Thu, 08 Aug 2013 05:15:16 GMT https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11880#M8728 HULK 2013-08-08T05:15:16Z https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11881#M8729 <HTML><HEAD></HEAD><BODY><P>Hi Subhankar,.</P><P></P><P>But in Virtual router we need to give static route for private subnets to route through tunnel.Below is the snap for the same.</P><P></P><P><IMG alt="" class="jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/7561_pastedImage_0.png" style="width: 799px; height: 227px;" /></P><P></P><P>In our scenario destination (private network) for both sites is 192.168.29.0/24, How we can define two static routes for same destination?</P><P></P><P>Can we use PBF to achieve this.</P><P>Ex. If source is 10.66.249.0/24 and destination is 192.168.29.0/24 then route to tunnel.1</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If source is 172.16.1.0/24 and destination is 192.168.29.0/24 then route to tunnel.2</P><P></P><P>If this works what ip address we needs to assign for each tunnel we should use. Because without ip address to tunnel we can't use PBF.</P><P>Correct me if am wrong.</P><P></P><P>Thank you,</P><P>Gururaj</P></BODY></HTML> Thu, 08 Aug 2013 05:32:45 GMT https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11881#M8729 Gururaj 2013-08-08T05:32:45Z https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11882#M8730 <HTML><HEAD></HEAD><BODY><P>Hi Gururaj,</P><P></P><P style="font-size: 12.222222328186035px; font-family: Arial, Helvetica, sans-serif; color: #000000; background-color: #ffffff;">Overlapping subnets for host IP's are supported only when they are in a separate virtual router. For example:</P><P style="font-size: 12.222222328186035px; font-family: Arial, Helvetica, sans-serif; color: #000000; background-color: #ffffff;"></P><P style="font-size: 12.222222328186035px; font-family: Arial, Helvetica, sans-serif; color: #000000; background-color: #ffffff;">Virtual Router1: 192.168.1.1/24</P><P style="font-size: 12.222222328186035px; font-family: Arial, Helvetica, sans-serif; color: #000000; background-color: #ffffff;">Virtual Router2: 192.168.1.2/24</P><P style="font-size: 12.222222328186035px; font-family: Arial, Helvetica, sans-serif; color: #000000; background-color: #ffffff;"></P><P style="font-size: 12.222222328186035px; font-family: Arial, Helvetica, sans-serif; color: #000000; background-color: #ffffff;">Hope it will help you.</P><P style="font-size: 12.222222328186035px; font-family: Arial, Helvetica, sans-serif; color: #000000; background-color: #ffffff;">Thanks</P></BODY></HTML> Thu, 08 Aug 2013 05:41:03 GMT https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11882#M8730 HULK 2013-08-08T05:41:03Z https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11883#M8731 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Doc fo you: <A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-1594">https://live.paloaltonetworks.com/docs/DOC-1594</A> <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>hope help</P><P></P><P>V.</P></BODY></HTML> Thu, 08 Aug 2013 07:51:12 GMT https://live.paloaltonetworks.com/t5/general-topics/configuring-s-to-s-vpn-between-three-devices/m-p/11883#M8731 VinceM 2013-08-08T07:51:12Z