This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Pa VPN IPsec

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Pa VPN IPsec

atelcom
L3 Networker

‎11-04-2014 06:16 AM

Hi,

i have a question regarding the VPN IPsec on Paloalto , is palotlo must be in front end when configuring the PA

Regards,

Sarah

Labels:
0 Likes Likes
7 REPLIES 7

HULK
L7 Applicator

‎11-04-2014 06:20 AM

Hello Sarah,

Could you please explain, what do you mean by "front end". It will help us to understand your exact requirement.

Thanks

0 Likes Likes

ssharma
L5 Sessionator

‎11-04-2014 06:23 AM

Hi Sarah,

No that is not a requirement. You can use it as Pass through device as well, where it treats IPSec traffic as any other traffic and allows or denies as per policy configured. Though there are benefits with respect to threats, replay attacks when you configure it as front end or edge device but that is not a requirement.

Hope this helps. Thank you.

0 Likes Likes

atelcom
L3 Networker
In response to HULK

‎11-04-2014 06:27 AM

here is the architecture,i want to know if the vpn ipsec must be configured on the stonsoft ,

or we can do that in the PA with private addresses

sdfdgfdhgfdh.PNG

0 Likes Likes

atelcom
L3 Networker
In response to ssharma

‎11-04-2014 06:29 AM

Yeah i know that,but i want to know if i can configure the vpn ipsec on the paloalto with private adresses

thank you

regards,

Sarah

0 Likes Likes

HULK
L7 Applicator
In response to atelcom

‎11-04-2014 06:30 AM

Hello atelcom ,

Yes, You can configure the VPN tunnel with Private IP.

Thanks

0 Likes Likes

ssharma
L5 Sessionator
In response to atelcom

‎11-04-2014 06:30 AM

Yes, you can configure it with private address as well. The requirement is same as with public IP all phase 1 and phase 2 should match. Otherwise there is no difference. Hope this helps. Thank you.

0 Likes Likes

HULK
L7 Applicator
In response to atelcom

‎11-04-2014 06:37 AM

Hello Sarah,

You may follow this KB article How to Configure IPSEC VPN

> Make sure PAN has been always the VPN initiator ( enable "passive mode" in other end device)

> Enable NAT-Traversal on both end firewalls.

Thanks

0 Likes Likes
  • 3171 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks