This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Can firewall act as VPN client?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Can firewall act as VPN client?

Go to solution
Nick1
Not applicable

‎06-05-2013 11:17 PM

Wondering if we can configure a lab PA-200 to connect to a VPN concentrator on the internet using IPsec, as though it were a VPN client not a site-to-site tunnel.  Not connecting to the firewall using GP, but using the firewall itself as the VPN client...and then use routing or tunnel interface to receive interesting traffic sent to firewall that would then be routed out the VPN tunnel by the firewall

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
sraghunandan
L5 Sessionator
In response to Nick1

‎06-06-2013 03:07 PM

Hi Nick,

I don't think that's possible.the only way out is an ipsec site to site tunnel .

View solution in original post

0 Likes Likes
6 REPLIES 6

Go to solution
sraghunandan
L5 Sessionator

‎06-06-2013 11:21 AM

Please refer this document I think this is what you are looking for

https://live.paloaltonetworks.com/docs/DOC-4078

0 Likes Likes

Go to solution
sraghunandan
L5 Sessionator

‎06-06-2013 11:22 AM

And also https://live.paloaltonetworks.com/docs/DOC-4139

0 Likes Likes

Go to solution
Nick1
Not applicable

‎06-06-2013 02:44 PM

I am wondering more along the lines of using the PA-200 as a VPN client to a non-Palo Alto VPN concentrator, like a Cisco ASA.  Say for instance big Company A's central office has an ASA but only allows IPsec client connections to it, will not allow site-to-site tunnels.  Then they purchase a new Company B with 15 employees in another town that has a PA-200 as their office firewall.  Rather than setting up AnyConnect VPN client on all 15 employee workstations in Company B to connect to Company A, could I configure Company B's PA-200 to establish the client VPN connectivity one-time centrally and then route all Company B's non-internet server RDP traffic to Company A's datacenter through the VPN tunnel

0 Likes Likes

Go to solution
sraghunandan
L5 Sessionator
In response to Nick1

‎06-06-2013 03:07 PM

Hi Nick,

I don't think that's possible.the only way out is an ipsec site to site tunnel .

0 Likes Likes

Go to solution
JRussell
L3 Networker

‎06-07-2013 02:17 AM

I'm with sraghunadan here. I don't think it was ever intended to be used in that way, and trying to get it to work in this way would probably just waste your own time

0 Likes Likes

Go to solution
mikand
L6 Presenter
In response to JRussell

‎06-07-2013 11:57 AM

I think the LSVPN setup will use the devices as "clients" but I think its more of a semantics thingy.

What actually happends is that the device setups a tunnel towards the koncentrator which it will then route traffic through (so its encrypted).

0 Likes Likes
  • 1 accepted solution
  • 3191 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks