IPsec question

Hello

I have many IPsec connections on my PA. But there are 2 that both use 192.168.100.x

Now IPsec A is policy based. So I have configured the proxy IDs. All working fine. Now I have narrowed the routes down to the 2 hosts I require, which are 192.168.100.32/32 and .33/32. IPsec B is a tunnel / route based IPsec. I've added the routes in, which are 192.168.100.250/32 and .251/32. Should this be a problem? Also, a side note: can you have 2 IPsec connections which are policy based (proxy IDs) so they have the same proxy IDs but different routes, i.e. like I have above?

Thanks Nick 🙂

Hello Nick,

Sounds like you have overlapping subnets. There is a PAN solution for this. Check out the following article:

 

https://www.paloaltonetworks.com/documentation/10/cloud-services/globalprotect-cloud-service-gsg/gpc...

 

Regards,

But that's the question: do I have overlapping subnets, as the routes I have for the IPsecs are as follows

IPSec A

192.168.100.250/32

192.168.100.251/32

IPSec B

192.168.100.32/32

192.168.100.33/32

So the IP addresses are not actually overlapping as I am referencing them as /32s.

Is this correct?

Hello,

Sorry, I misunderstood the question. This should be OK if you have the routes set up in your virtual router the same way. The PAN would then know where to send the packets.

 

Regards,
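
The routing point in the last two posts, as an added example that is not part of the original thread: a Python check that the four /32 routes from the follow-up post do not overlap, plus a longest-prefix-match lookup, assuming the virtual router picks the most specific matching route. The tunnel labels and the /24 contrast table are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed route table: the prefixes are the ones listed in the thread;
# the tunnel names are hypothetical labels, not real interface names.
THREAD_ROUTES = [
    ("192.168.100.250/32", "tunnel-A"),
    ("192.168.100.251/32", "tunnel-A"),
    ("192.168.100.32/32", "tunnel-B"),
    ("192.168.100.33/32", "tunnel-B"),
]

# Constructed contrast case: tunnel B gets the whole /24 instead of two hosts.
BROAD_ROUTES = THREAD_ROUTES[:2] + [("192.168.100.0/24", "tunnel-B")]


def parse(routes):
    """Turn (prefix, egress) string pairs into (ip_network, egress) pairs."""
    return [(ipaddress.ip_network(p), egress) for p, egress in routes]


def conflicting_overlaps(routes):
    """Return prefix pairs that overlap and point to different tunnels."""
    hits = []
    for (n1, e1), (n2, e2) in combinations(parse(routes), 2):
        if e1 != e2 and n1.overlaps(n2):
            hits.append((str(n1), e1, str(n2), e2))
    return hits


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, e) for n, e in parse(routes) if addr in n]
    if not matches:
        return None  # no route: traffic would follow whatever default exists
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    for name, table in (("thread", THREAD_ROUTES), ("broad", BROAD_ROUTES)):
        print(name, "overlaps:", conflicting_overlaps(table))
        for dst in ("192.168.100.250", "192.168.100.32", "192.168.100.10"):
            print("  ", dst, "->", lookup(table, dst))
```

With the thread's /32 routes no pair overlaps, so each host maps to exactly one tunnel; in the contrast table the /24 overlaps both /32s, and only the more specific routes keep .250 and .251 on tunnel A.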
