Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

Hello everyone,

I am working on a project to deploy a cluster of two Palo Alto VMs on Azure. While designing the solution with an internal and an external load balancer (you can see the picture in my post), I don't know if I need to configure a public IP address on both firewalls' external interfaces to handle source NAT for internal resources and also destination NAT, or just put a public IP address on the external load balancer only.

We need VPN IPsec tunnels on the external interfaces. Do public IP addresses have to be configured directly on the firewall in this case? If not (only on the external load balancer), should the peer IP address in the VPN configuration be the load balancer's public IP address?

Thank you in advance,

Louey

[Image: Image_Palo_Forum_NAT.PNG]

Re: Source and Destination NAT for PA-VM on Azure Cloud with VPN tunnel

You can enable NAT traversal and use internal IPs on the firewall. You can then use FQDN or userFQDN as local identification. The remote peer will need to use the load balancer public IP (or can even have dynamic).

reaper - PANgurus.com
I drink and I know things