This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

question re split tunnelling

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

question re split tunnelling

sue_town
Not applicable

‎06-23-2011 07:20 AM

We are installing some PA 500 firewalls at various sites within our company

each site has 1 connection to the internet - my question is if I want to install a dynamic multipoint VPN tunnel to connect this site to the company network and all traffic will use this - apart from internet traffic which will be pushed out locally - do I need one or two ISP circuits to do this?

thanks for any help

Sue

0 Likes Likes
3 REPLIES 3

mrajdev
L4 Transporter

‎06-23-2011 01:34 PM

Sue,

You can do this using one ISP circuit. This ISP circuit will be used to connect the IPSec VPN tunnel to the head office. You can have a route on the remote location to send the traffic which belongs to the head office network over the VPN tunnel. All other traffic would go out to the internet using the default route to the ISP router.

Hope this helps, Do please let us know if you have any other questions.

Thanks

0 Likes Likes

sue_town
Not applicable
In response to mrajdev

‎06-24-2011 06:31 AM

thanks for the reply and info - we are currently using CISCO routers to build the IPSEC GRE tunnels - would i still need to use the CISCO router to do this with the PA 500 firewall - or just the PA 500?

thanks

S

0 Likes Likes

mrajdev
L4 Transporter
In response to sue_town

‎06-24-2011 03:33 PM

Hi Sue,

You cannot terminate the GRE tunnel on a PAN as of now, but you can terminate a IPSec tunnel on a PAN. So if you have a PA-500 to PA-500 IPSec will work with no problems. If you want you can also do a IPSec tunnel between a Cisco router and a PA-500. Below is the example of how the network would look like if you are doing a GRE tunnel and using a IPSec tunnel to encrypt the GRE tunnel traffic.

      Cisco                    Cisco

       Router-----------------Router ===========Pa-500 --------------Cisco Router

                   GRE                   IPSec Tunnel                GRE

Hope this help, do please let us know if you have any further questions.

Thanks

  • 2193 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks