This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Encyrption domains / proxy ID

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Encyrption domains / proxy ID

Go to solution
Sharpierrr
L0 Member

‎05-19-2020 01:38 PM

Hi,

 

I am new to setting up VPN tunnels from Palo Alto to a 3rd party firewall and I'm unsure how to setup the proxy IDs for the tunnel config. On the local side I have 9 x /32 addresses and on the remote side there are 7 x /25 subnet addresses. Do I need to setup a proxy ID for each individual transaction between local and remote subnets? That would be a lot of Proxy ID's and doesn't seem right, somehow?

1 accepted solution

Accepted Solutions

Go to solution
SutareMayur
L6 Presenter

‎05-19-2020 09:02 PM

@Sharpierrr,

 

Normally Proxy ID configuration should be identical with peer settings. This should match at both ends. If at peer end, separate subnets are defined as a encryption domain, and you're defining super netted subnet under Proxy ID then there will be mismatch  and this may result in connection failure.

 

So if you want to use Super netted subnet under Proxy IDs to avoid multiple entries, you need to have identical settings at peer end as well.

 

Hope it helps!

Mayur

 

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

View solution in original post

1 person found this solution to be helpful.
3 REPLIES 3

Go to solution
SutareMayur
L6 Presenter

‎05-19-2020 09:02 PM

@Sharpierrr,

 

Normally Proxy ID configuration should be identical with peer settings. This should match at both ends. If at peer end, separate subnets are defined as a encryption domain, and you're defining super netted subnet under Proxy ID then there will be mismatch  and this may result in connection failure.

 

So if you want to use Super netted subnet under Proxy IDs to avoid multiple entries, you need to have identical settings at peer end as well.

 

Hope it helps!

Mayur

 

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
1 person found this solution to be helpful.

Go to solution
BK0007
L2 Linker
In response to SutareMayur

‎05-19-2020 09:15 PM

Yes, whatever you are planning to configure, at both ends it should be identical. I had faced issues due to mismatch in proxy Id configuration.

0 Likes Likes

Go to solution
Sharpierrr
L0 Member

‎05-20-2020 12:55 AM

Thank you for your reply.

0 Likes Likes
  • 1 accepted solution
  • 5733 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks