have someone a howto about connecting a PA-500 with the Amazon VPC Service?
It would be nice to take a look on it :smileywink:
Solved! Go to Solution.
I did a search for "Amazon VPC" and all I can find is marketing fluff. If this is an IPSEC VPN then we should be able o work. We just need to find out wha the configuration parameters are. If this is some proprietartsoftware application, then you can submit a requestfor a new application withProduct Management.
I have actually looked at the configuration screens of an Amazon VPC and it was a real puzzler.
It was very non-obvious how you would set up the device to act as an IPSEC VPN end point and the documentation that we had available was not helpful. In my situation the user placed a call with Amazon support for advice on setting up IPSEC VPNs on the Amazon VPC.
We actually have successfully connected to Amazon VPC with PA-500 device. The configuration is pretty straight foward if you go through the Amazon VPC tutorial. Once the VPC is setup on the Amazon end, download the generic configuration to extend the VPC to your DataCenter by creating an IPSEC tunnel. The only gotcha is instead of using the proxy-ids within the Phase 2 configuration, you will have to configure BGP and redistribute your default route.
Hope this information helps.
We are trying to do the same thing with a PA-4020. I have the tunnels up i have BGP established on both peers. I am receiving the prefix for the subnet that i created when establishing the VPC. I checked the box to allow the redistribution of the default route. I have static routes in my core network to get to the PA-4020 for this subnet. I can trace all the way to the PA-4020 and the CLI confirms that it is allowing my ICMPs to go out the tunnel. But no pingage. :smileysad: Oh yeah and i also configured the security groups and ACLS on the VPC AWS console to allow ICMP in both directions. And the route table on the AWS console shows the VPC subnet as local and the 0.0.0.0/0 route as coming from my customer gateway ID. Did you have to create any policies on the PA for traffic going over the tunnel? This seems like it should be so easy - not sure where i went wrong.
@brand - If we are running multiple BGP peering dont u know it will cause issue with other peers ? as it will send default route to them ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!