Site to Site VPN between PA200 and any third party device.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Site to Site VPN between PA200 and any third party device.

L1 Bithead

Hi all

 

   Please help me to sort out the situation below.

 

We have one PA 200 is working fine in the main office. The main office have the static WAN IP and it is acting as the SSL VPN gateway. Now, we need to connect a small brach office to main office through site to site VPN. The banch office doesn not have the static WAN IP. what are the cheapest options as the company cannot afford another PA unit and static IP. Please suggest any third party cheap vpn device which will work with the PA 200.

 

Thanks in advance.

6 REPLIES 6

Cyber Elite
Cyber Elite

You can set one peer as dynamic and one as static. the static one would need to be in passive mode as it will not be able to create the vpn tunnel

 

 

large2.pnglarge.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L6 Presenter

Hi,

 

Just check for a SOHO router that supports site2site VPN. Use free  DDNS and link your external IP address to have a DNS name. l am using this web site:

 

https://www.changeip.com/dns.php

 

Found this with TP-Link routers

 

http://www.tp-link.com/en/article-380.html

 

Cheers


@reaper wrote:

You can set one peer as dynamic and one as static. the static one would need to be in passive mode as it will not be able to create the vpn tunnel

 

 

large2.pnglarge.png


Thank you for the reply

So in this case, i have to use both side PA device. Branch site we would like to use any third party SOHO device with dynamic WAN IP.


@TranceforLife wrote:

Hi,

 

Just check for a SOHO router that supports site2site VPN. Use free  DDNS and link your external IP address to have a DNS name. l am using this web site:

 

https://www.changeip.com/dns.php

 

Found this with TP-Link routers

 

http://www.tp-link.com/en/article-380.html

 

Cheers


Thank you for the suggestion.

 

But my concern is how to use the TP Link in the branch side only as PA alredy deployed in the head office?

Hi,

 

The second firewall doesn't have to be a PA. Could be any but must support site-to-site IPsec VPN.

Palo-alto - Copy.jpg

Cheers


@TranceforLife wrote:

Hi,

 

The second firewall doesn't have to be a PA. Could be any but must support site-to-site IPsec VPN.

Palo-alto - Copy.jpg

Cheers


thank you..

  • 4230 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!