Looking for some feedback on anyone's experience with both/either.
In the Cisco realm say a mesh of 50 some sites each router has a tunnel between each site and a connection can go direct to the other location because routing is shared across the entire mesh.
In Palo's LSVPN solution is that how it works as well? Are routes shared between each site's PA device and subsequently a host at each site could talk direct to the other site without having to go through a middle-man?
Also any gotcha's you might have seen in Palo's LSVPN design?
LSVPN is really aimed at simplifying the configuration deploy and not really at routing performance. The LSVPN config basically sets up a mesh of SSL VPN between the sites and the hub that can be deployed via Panorama simply.
If you have a large hub and spoke setup with an experienced network team I would recommend building route based vpn for the setup. You can use limited templates to simplify the process but it is more work to get up and running. But in the end this will be a more traditional routed network setup that performs at higher levels and is easier to troubleshoot in my opinion.
Hi @pulukas ,
I just want to be sure that I understand what you said here. Please correct me if I am wrong.
"If you have a large hub and spoke setup with an experienced network team I would recommend building route based vpn for the setup." I honestly do not understand what you mean by route-based VPN.
Are you saying that you recommend individual IPSec S2S VPN tunnels between hub and spokes compared to DMVPN?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!