I'm coming over from the Cisco world and trying to setup two separate remote access VPNs but using the same gateway IP. My understanding is that normally with the PA you can use the security policies to differentiate users and provide access restrictions to different users that way.
Say though you wanted two different remote access VPNs each with different IP pool but with different access routes. In this example, one split-tunnel and one full-tunnel. That would seem to need two different tunnel interfaces which would could use two separate VPN zones. That way I can do zone based filtering for each vpn group instead of per user. From what I found, the access routes are configured in the gateway and there is no way to create different groups here. When I tried to create a different gateway profile I could not select the same external IP.
Am I doing something wrong here or does anyone know of a workaround.
Hi, unfortunately multiple gateways using the same IP address is not a supported configuration. I recommend using user groups within your security policies along with a user-identification configuration to achieve similar results.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!