04-11-2022 03:13 PM
I've added a VM PAN to allow more Global Protect connections. It's working well for my cert based GP users.
In the example below GP connects to 5.5.5.5, the 3220 PAN NATs that to an address on its DMZ 10.100.100.10
and the tunnels for like a champ. The Portal and Gateway are configured with the IP of the external IP of
the VM PAN 10.100.100.10.
Internet----------5.5.5.5[PAN3220]NAT-----10.100.100.10[VM PAN]
In this scenario - what would be an option for adding a second portal and gateway say for on demand saml
based VPN? Add a loopback at a new private IP say 10.100.99.10 on a loopback and add a route to the PAN 3220 to reach
it via 10.100.100.10 the outside of the VM PAN? And add a NAT at the 3220 say 5.5.5.6->10.100.99.10?
Or add the NAT at the VM PAN say 10.100.100.15 - > 10.100.99.10 (on say Lo1)?
Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
