NATting to a VM PAN secondary gateway behind a physical PAN

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

NATting to a VM PAN secondary gateway behind a physical PAN

L3 Networker

I've added a VM PAN to allow more Global Protect connections. It's working well for my cert based GP users. 

In the example below GP connects to 5.5.5.5, the 3220 PAN NATs that to an address on its DMZ 10.100.100.10

and the tunnels for like a champ. The Portal and Gateway are configured with the IP of the external IP of 

the VM PAN 10.100.100.10. 

 

Internet----------5.5.5.5[PAN3220]NAT-----10.100.100.10[VM PAN]

 

In this scenario - what would be an option for adding a second portal and gateway say for on demand saml

based VPN? Add a loopback at a new private IP say 10.100.99.10 on a loopback and add a route to the PAN 3220 to reach

it via 10.100.100.10 the outside of the VM PAN? And add a NAT at the 3220 say 5.5.5.6->10.100.99.10? 

Or add the NAT at the VM PAN say 10.100.100.15 - > 10.100.99.10 (on say Lo1)? 

 

Thank you.

 

0 REPLIES 0
  • 1111 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!