question re split tunnelling

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

question re split tunnelling

Not applicable

We are installing some PA 500 firewalls at various sites within our company

each site has 1 connection to the internet - my question is if I want to install a dynamic multipoint VPN tunnel to connect this site to the company network and all traffic will use this - apart from internet traffic which will be pushed out locally - do I need one or two ISP circuits to do this?

thanks for any help

Sue

3 REPLIES 3

L4 Transporter

Sue,

You can do this using one ISP circuit. This ISP circuit will be used to connect the IPSec VPN tunnel to the head office. You can have a route on the remote location to send the traffic which belongs to the head office network over the VPN tunnel. All other traffic would go out to the internet using the default route to the ISP router.

Hope this helps, Do please let us know if you have any other questions.

Thanks

thanks for the reply and info - we are currently using CISCO routers to build the IPSEC GRE tunnels - would i still need to use the CISCO router to do this with the PA 500 firewall - or just the PA 500?

thanks

S

Hi Sue,

You cannot terminate the GRE tunnel on a PAN as of now, but you can terminate a IPSec tunnel on a PAN. So if you have a PA-500 to PA-500 IPSec will work with no problems. If you want you can also do a IPSec tunnel between a Cisco router and a PA-500. Below is the example of how the network would look like if you are doing a GRE tunnel and using a IPSec tunnel to encrypt the GRE tunnel traffic.

      Cisco                    Cisco

       Router-----------------Router ===========Pa-500 --------------Cisco Router

                   GRE                   IPSec Tunnel                GRE

Hope this help, do please let us know if you have any further questions.

Thanks

  • 1974 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!