We currently have a primary direct internet from the ISP to the Palo Alto PA-200 configured with LSVPN .
As we plan to have a secondary Internet, we want to connect the Palo Alto PA-200 with 4G Router using LSVPN as well.
The problem is the public IP address is assigned to the 4G router and we'll connect it via LAN With PA-200 as the diagram illustrates below
How can Configure the PA-200 to implement the LSVPN as a client
Does the 4G router have the ability to just pass all traffic without performing any other tasks or to be a transparent device so the PAN could have the public IP? Meaning the PA-200 should be able to make the request to the core of the LSVPN and make the connection. Is this not working as designed?
Why is it a problem if the public IP is on the 4G router? Btw. are you sure your 4G modem has a public IP? The way I used these modems so far, they always got a private IP ln the external interface and on provider side ther is carrier grade NAT for connections towards the internet.
Anyway, for GP LSVPN you don't need a public IP on your spoke firewall. Only the hub will need a public IP to receive the connections.
Which configuration should I do to make the router works transparent in order to carry the public IP address to the firewall? If I configure the DMZ IP on the router by assigning the IP address of the interface of the firewall PA200 will make it transparent?
Which configuration should I put on the firewall (spoke)
Back in the day when i was doing this, there was a setting in the 4g router that allowed it to be transparent and it would pass the public IP to the attached device/firewall. While I dont know what or if there is that in the device you are using, you might want to reach out to the vendor and check. However like @vsys_remo pointed out. it might not be required.
Thank you for your answer, Well i'm using Huawei AR160 series .
The Hub administrators are requesting the public ip and its Gatway but the 4G providers has just offered One Public IP /32 With NAT .
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!