04-27-2024 08:27 AM - edited 04-27-2024 08:38 AM
I am trying to extend the VLAN from main site to branch site using a combination of GRE and IPSEC.
Below is a quick representation of the architecture, the objective is to enable remote communications between the main and the branch sites for all devices within VLAN-1.
I am aware that PA does not natively provide L2 tunnels, and VXLAN would be the more appropriate solution for this kind of need, but right now just wondering if this is even possible with only 2 PA firewalls ?
What i've achieved so far is a ping from 172.28.89.252 to 172.28.89.254 and vice-versa, which is a good start, but whenever i try to route towards 172.28.88.250 through the GRE or IPSEC tunnel, i either get a TTL exceeded indicating a loop somewhere, or no response at all.
I'm also exploring other avenues at the same time such as redistributing static routes with OSPF or BGP over IPSEC, but to no avail so far.
Any insight would definitely be greatly appreciated !
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
