VSYS with Shared Gateway and Existing Global Protect

L2 Linker


We have a 3050 with one VSYS, and it is connected to an ISP with one IP address, as we also use this VSYS for user VPN (Global Protect). All is working fine, but we will be adding another VSYS to segregate another department’s Internet traffic. I would like both VSYS to share the same Internet and IP, but I’m concerned, if I read correctly, about our existing Global Protect VPN configuration and the Shared Gateway being a problem.

I appreciate any help or insight.

Jeff

L2 Linker

Re: VSYS with Shared Gateway and Existing Global Protect

Bumping for any help.

Thank you.

Jeff

L3 Networker

Re: VSYS with Shared Gateway and Existing Global Protect

Jeff,

 

You are correct that there can only be one VPN Profile/Gateway per IP (I believe it is just the gateway side).

I am not an expert at making VSYS interact with each other properly, but from what you are describing (and having a 3050) it may make more sense to put the GP on its own VSYS and set up multiple profiles within both the GP Profile & Gateway to force different departments to different traffic (we use Group Policy for allowing VPN access). The bottom line with GP is that you allow access to connect, but it is the security rules that allow access to different components, so using the same VPN but different AD groups with security rules and GP Profile/Gateway rules will allow you to limit both what IPs are displayed and what they are allowed to access.

Brian
