IPsec to Azure with a DHCP WAN IP + SDWAN + GlobalProtect

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IPsec to Azure with a DHCP WAN IP + SDWAN + GlobalProtect

L0 Member

I tried to go down this rabbit hole once with no success.  The IPsec tunnel to Azure should be fairly easy, it's what I already have configured that complicates it...

 

I currently have a PA-220 with (2) WAN connections [both DHCP] and currently using SD-WAN. Currently running PANOS- 10.1.8

 

I have a GlobalProtect portal/gateway running on 1 of the WAN links and had to use a loopback interface since my connection is DHCP from the provider.

 

What would be my best course of action to get this working?  Can I run 2 different loopbacks in the WAN zone?

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello,

Just thinking outside of the box, have you looked into dynamic DNS?

https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-networking-admin/ddns/configure-dynamic-dns-for...

 

Regards,

Thanks for the reply... The WAN IPs don't actually change much.  Maybe once a year or if I change out the modem that feeds the firewall.  My requirement to using the loopback interfaces stems from the PAs not allowing you to specify an interface for the IPsec/Global Protect that is a DHCP address.  If I were able to set them as static, I could just use the actual interface instead of the loopback.
I was able to get Global Protect working using a loopback after some trial and error.  Maybe I'll throw up the Azure side and try to re-configure the PA side and show the config I'm trying to use and post them here.  From what I remember last time, I was getting a commit error about multiple loopback addresses and when I tried to use the same loopback interface for both GP and IPsec it bawked at that as well. 

  • 469 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!