PAN OS enabling communication between overlapping subnets

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN OS enabling communication between overlapping subnets

L1 Bithead

Hello,

 

I am thinking about analogy with Cisco firewall. Please how can I make two hosts with same address communicate with one another on one firewall?

1) Two Virtual routers leaking with NAT in place between Virtual Routers. Directly on one FW, not with some external device. So in terms of routing "Next VR".

2) Two Virtual systems with separate Virtual routers. And NAT implemented on External zone, enabling bi-directional communication.

 

Of course I dont expect that a single host will communicate on itself, there will be some dummy address spaces used in NAT statements per VR as a destination addreses for the hosts.

 

Which of these two paths could lead to desired end?

 

Thank you

 

Best regards

2 REPLIES 2

Cyber Elite
Cyber Elite

Not having an overlap would be desirable 😉

Alternatively you could sourceNAT to the physical interfaces in the destination subnet so the "server" side has an IP+MAC in the same broadcast domain 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L1 Bithead

Hello, thank you for the answer. So you mean that both my solutions are valid and yours is third?

  • 673 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!