IPsec question

L2 Linker

IPsec question

Hello

I have many IPsec connections on my PA. But there are 2 that both use 192.168.100.x

Now IPsec A is policy based, so I have configured the proxy IDs. All working fine. Now I have narrowed the routes down to the 2 hosts I require, which are 192.168.100.32/32 and .33/32. IPsec B is a tunnel / route based IPsec. I've added the routes in, which are 192.168.100.250/32 and .251/32. Should this be a problem? Also, a side note: can you have 2 IPsec connections which are policy based (proxy IDs) so they have the same proxy IDs but different routes, i.e. like I have above?

Thanks Nick :)
L7 Applicator

Re: IPsec question

Hello Nick,

Sounds like you have overlapping subnets. There is a PAN solution for this. Check out the following article:

https://www.paloaltonetworks.com/documentation/10/cloud-services/globalprotect-cloud-service-gsg/gpc...

Regards,

L2 Linker

Re: IPsec question

But that's the question: do I have overlapping subnets, as the routes I have for the IPsecs are as follows

IPSec A

192.168.100.250/32

192.168.100.251/32

IPSec B

192.168.100.32/32

192.168.100.33/32

So the IP addresses are not actually overlapping as I am referencing them as /32s.

Is this correct?

L7 Applicator

Re: IPsec question

Hello,

Sorry, I misunderstood the question. This should be OK if you have the routes set up in your virtual router the same way. The PAN would then know where to send the packets.

 

Regards,
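The routing decision discussed in this thread, as an added example that is not part of any post: a Python check that host routes split across two tunnels do not overlap, plus a longest-prefix lookup showing which tunnel a destination would take. The tunnel labels and the helper names (`conflicts`, `lookup`) are hypothetical, the route table is constructed from the addresses in the thread, and the code models only the route lookup, not proxy-ID matching on the firewall.

```python
import ipaddress
from itertools import combinations

# Constructed route table modelled on the thread: four host routes in
# 192.168.100.0/24 split across two tunnels (labels are hypothetical).
ROUTES = [
    ("192.168.100.32/32", "tunnel-A"),
    ("192.168.100.33/32", "tunnel-A"),
    ("192.168.100.250/32", "tunnel-B"),
    ("192.168.100.251/32", "tunnel-B"),
]


def parse(routes):
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]


def conflicts(routes):
    """Return pairs of prefixes that overlap but point at different tunnels."""
    table = parse(routes)
    return [
        (str(a), ta, str(b), tb)
        for (a, ta), (b, tb) in combinations(table, 2)
        if ta != tb and a.overlaps(b)
    ]


def lookup(routes, dst):
    """Longest-prefix match; None means no route (traffic is not tunnelled)."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, t) for n, t in parse(routes) if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    print("conflicts:", conflicts(ROUTES))
    for dst in ("192.168.100.32", "192.168.100.251", "192.168.100.40"):
        print(dst, "->", lookup(ROUTES, dst))
    # Failure mode: a broad /24 on one tunnel overlaps the other's /32s.
    broad = ROUTES + [("192.168.100.0/24", "tunnel-B")]
    print("with /24 added:", conflicts(broad))
    print("192.168.100.32 ->", lookup(broad, "192.168.100.32"))
```

With only /32 routes the check reports no conflicts; once a /24 is added on one tunnel, the two host routes on the other tunnel are flagged, and every other address in the /24 follows the broader route.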
