- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-27-2022 07:42 AM
I can't find a How-to document or community comment on this exact issue. Some that are close. And maybe I didn't search with the right terms.
I have one customer that connects to a resource on our network. We set up an IPsec VPN between them and us. Their inside subnet is 192.168.1.0/24. I set up a static route on our 'default' router that moves all 192.168.1.0/24 traffic to 'Tunnel 4' (their tunnel).
I'm trying to add a second customer via IPsec VPN, but they have the same inside subnet. I don't have the ability to tell either of them to create a NAT rule on their ends, so I'm trying to work it all out on my end.
I've thought about creating a separate virtual router with a separate public IP and using that as the VPN endpoint for them. I just wanted to make sure that is the best way to go about this. Seems I could just create a NAT rule that translates their IP address into something else and then, I could just route traffic to/from that (something else) IP range to 'Tunnel 5' (the new tunnel).
Is this something easy that I'm just overlooking? Am I on the right track with that NAT idea? Or is the separate router the best option?
I appreciate any help and opinions given.
Kevin
12-27-2022 08:36 AM
Hello,
Are the devices on the customers end Policy based? Here is an older article that may help out.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUFCA0
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNxCAK
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!