I'm moving some rules from an ASA we will be decommissioning at another location to our local PA-5220 for an IPSEC tunnel that we are migrating. The existing rule set on our ASA is NAT'ing our /16 subnet onto a /24 which technically could be an issue but we have few users that use this tunnel so it isn't an issue and they could come from a number of places on our internal /16.
Is there a way to do this with PAN-OS? When I looked at this document: Getting Started: Network Address Translation (NAT) - Knowledge Base - Palo Alto Networks it had a caveat about being the same size subnets but it looks like that is only if using Dynamic IP and NOT dynamic IP and port. I'm just uncertain at the moment if this tunnel requires the source ports to remain the same - I doubt it but its possible.
Thanks in advance for any help or insight.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!