Using Loopback interfaces for a site-to-site IPSEC VPN


L1 Bithead

Does anybody have experience configuring site-to-site IPSEC VPNs using loopback interfaces instead of physical ones? If you are going to respond with a sassy comment (e.g. "Why are you doing that?" or "That's dumb!") then please don't respond. I have a specific need. I have the VPN set up. I can send traffic to the remote end, but it appears that the firewall drops the returning ESP packets upon return. I don't see that in the logs, but rather when performing a network capture within the firewall. The firewall records the returning ESP packets in the receive and drop logs. I've been busting my head trying to figure this one out along with others in my circle, but we just can't seem to crack this baby.

 

I will be happy to share my config, or perform a web-ex with you in order to get to the bottom of this.

 

Your assistance is appreciated...

 

Scott

801-545-6674

11 REPLIES

Hello,

For routing I always use OSPF. However static and PBF also work, just keep in mind any failover scenarios, etc.

 

Regards,

L1 Bithead

Hi All,

 

I found this topic interesting and I am planning to use this setup in our current environment. Is it possible to establish an S2S VPN on Palo Alto given the following requirements:

Loopback interface - Public IP (/30)

External interface - Private IP (/28, pt to pt IP with ACI)

We will use this setup to reduce the number of public IPs used, since ACI always requires a /28 IP.
