04-19-2018 11:52 AM
This might be a dumb question but I am going to ask it anyway, otherwise I may never know. I want to replace an ASA 5510 firewall IPsec VPN into a PCI network using Palo alto. What is the best way to approach that?
04-19-2018 12:13 PM
I imagine that the tunnel is currently just using a pre-shared key? If that's the case you would simply be able to recreate the tunnel on the PA and you shouldn't run into any issues.
04-19-2018 12:23 PM
I would assume the current VPN tunnle is using a pre-shared key also, I didn't set it up, just trying to find out how it is working now and see if I can mimic it on the PA. Then find out what VPN client can connect to it.
04-20-2018 06:43 AM
No. L2TP is no longer a feature for the vast majority of appliances anymore.
04-20-2018 06:47 AM - edited 04-20-2018 06:58 AM
I was afraid of that, its going to make VPN client they can use more difficult, some people need to have a vpn client for access from home and also a client to access the PCI network. Like me I have a native client configured for PCI access and the GP VPN because, though you can switch back and forth by changing the portal name, it would be easier if you could have multiple entries on one client
The setting for the VPN for the client for the ASA 5510 are L@TP/IPSec with pre-shared key
04-20-2018 06:57 AM
You actually can do this within the new agent. You would simply add another portal within the agent settings, and then you can toggle between the portals when you connect.
04-20-2018 06:59 AM
Which version client it that and does it work with 7.1.15
04-20-2018 07:26 AM
It's the 4.1 client. While the 4.1 will work with 7.1.15 I would make sure that it's fully functional in your enviroment before you push it out in mass.
04-20-2018 07:29 AM
Nice to see that they are answering our feature requests. I am going to install it on my test laptop and see how it works. This is going to be very helpful
04-20-2018 08:01 AM
Works like a dream on my test machine!!! I love it. Now I just have to figure out how to setup my IPSec tunnel, with the settings from the old ASA 5510
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
