We have a 3050 with one VSYS, and it is connected to an ISP with one IP address, as we also use this VSYS for user VPN (Global Protect). All is working fine, but we will be adding another VSYS to segregate another department’s Internet traffic. I would like both VSYS to share the same Internet and IP, but I’m concerned, if I read correctly, about our existing Global Protect VPN configuration and the Shared Gateway being a problem.
I appreciate any help or insight.
You are correct that there can only be one VPN Profile/Gateway per IP (I believe it is just the gateway side).
I am not an expert at making VSYS interact with each other properly, but from what you are describing (and having a 3050) it may make more sense to put the GP on its own VSYS and set up multiple profiles within both the GP Profile & Gateway to force different departments to different traffic (we use Group Policy for allowing VPN access). The bottom line with GP is that you allow access to connect, but it is the security rules that allow access to different components, so using the same VPN but different AD groups with security rules and GP Profile/Gateway rules will allow you to limit both what IPs are displayed and what they are allowed to access.