Pa VPN IPsec

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pa VPN IPsec

L3 Networker


i have a question regarding the VPN IPsec on Paloalto , is palotlo must be in front end when configuring the PA




L7 Applicator

Hello Sarah,

Could you please explain, what do you mean by "front end". It will help us to understand your exact requirement.


L5 Sessionator

Hi Sarah,

No that is not a requirement. You can use it as Pass through device as well, where it treats IPSec traffic as any other traffic and allows or denies as per policy configured. Though there are benefits with respect to threats, replay attacks when you configure it as front end or edge device but that is not a requirement.

Hope this helps. Thank you.

here is the architecture,i want to know if the vpn ipsec must be configured on the stonsoft ,

or we can do that in the PA with private addresses


Yeah i know that,but i want to know if i can configure the vpn ipsec on the paloalto with private adresses

thank you



Hello atelcom ,

Yes, You can configure the VPN tunnel with Private IP.


Yes, you can configure it with private address as well. The requirement is same as with public IP all phase 1 and phase 2 should match. Otherwise there is no difference. Hope this helps. Thank you.

Hello Sarah,

You may follow this KB article How to Configure IPSEC VPN

> Make sure PAN has been always the VPN initiator ( enable "passive mode" in other end device)

> Enable NAT-Traversal on both end firewalls.


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!