This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Accessing multiple network zones over IPSEC VPN

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Accessing multiple network zones over IPSEC VPN

Go to solution
cmateam
L3 Networker

‎08-14-2012 10:45 PM

I am trying to setup a IPSEC tunnel between two PA-2020's, one on each side.  I have the tunnel connecting and can access devices over the tunnel. However I am trying to access multiple network zones over the tunnel, and I am not sure how to configure that.  I've typed up my setup below.

Site-A (main site) has a 192.x.x.x/16 and a 10.10.x.x/16 network.  Site-B (branch side) is a 10.20.x.x/16, 10.30.x.x/16, 10.40.x.x/16, etc networks separated by physical interfaces and zones. We have a tunnel bound to our 192.x.x.x/16 network that allows us access to the 10.20.x.x/16 network, and a route of 10.20.x.x/16 traffic destined to the tunnel. However I am a bit confused on how to get the 192.x.x.x/16 network traffic to route to any of the other networks, 10.30.x.x/16, 10.40.x.x/16 through the same tunnel, or over different tunnels.

Do I need to specify proxy-ID information in the tunnel for the connections to work?

This thread is similar in the line of questioning, but not quite what I am needing help with: Bind multiple VPNs to a single tunnel interface?

If there is any other information I can provide to help make this more clear, please let me know.  Thank

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
cmateam
L3 Networker
In response to cmateam

‎08-15-2012 01:27 PM

Figured out my problem.  Firewall policy rule on FW at Site-B needed to allow me to gain access.

View solution in original post

1 person found this solution to be helpful.
3 REPLIES 3

Go to solution
Ante
Not applicable

‎08-15-2012 03:00 AM

I've setup a similar setup with two PAN's, do you have a tunnel interface network or only using the IKE to setup the tunnel? I only added the additional routes to the tunnel interface and it's working fine, if it's also allowed in the policy.

0 Likes Likes

Go to solution
cmateam
L3 Networker
In response to Ante

‎08-15-2012 07:22 AM

I'm using IKE to setup the tunnel, and then have a tunnel established in the second phase. If that makes sense?

0 Likes Likes

Go to solution
cmateam
L3 Networker
In response to cmateam

‎08-15-2012 01:27 PM

Figured out my problem.  Firewall policy rule on FW at Site-B needed to allow me to gain access.

1 person found this solution to be helpful.
  • 1 accepted solution
  • 4107 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks