This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

VPN & Portal on PA2020 running only Virtual Wires

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

VPN & Portal on PA2020 running only Virtual Wires

RonaldGo
L2 Linker

‎01-14-2013 11:38 PM

hi

Our network has 3 separate connectivity to the internet and all of them are connected via virtual wire on our PA2020 and the only other network connection is the management port on a fixed internal IP... 

total 7 ports used (3 pairs for the 3 virtual wires & 1 management).

is it possible to setup VPN & Captive portal on such a setup?

thanks!

0 Likes Likes
4 REPLIES 4

mikand
L6 Presenter

‎01-15-2013 12:04 AM

I have a faint memory that PANOS 5.0 introduced the possibility to create L3-subinterfaces on vwire nic's so you then can use VPN & Captive Portal which needs a L3 interface to communicate with the client.

RonaldGo
L2 Linker
In response to mikand

‎01-15-2013 12:13 AM

thanks for this tip...  i'll look into it and see where it leads... Smiley Happy

0 Likes Likes

mikand
L6 Presenter
In response to RonaldGo

‎01-15-2013 12:27 AM

I might be confused by this entry in the release notes:

"

Virtual Wire Subinterface – You can now create virtual wire subinterfaces in order to classify traffic into different zones and virtual systems. You can classify traffic according to the VLAN tag, or VLAN tag plus IP address (IP address, IP range, or subnet).

"

However I still think it should be possible to create a L3-subinterface on a VWire setup.

Because VWire is just like a regular switch and its settings are similar to the ones you can set for a switchport regarding "allowed vlan" and such. On a switch (if we take a cisco for example) you can setup loopback interface which will act as mgmt-interface (in the switch example). Which gives if dstip=loopback_ip then send to the system cpu else switch to the other physical interface - I think the same should be possible on a PA (and if not today then by a feature request unless there is some other magic involved when using VWire?).

0 Likes Likes

cverite
L0 Member
In response to mikand

‎04-20-2013 01:55 AM

Hi

I do the same test and I didn't see to add the response page for the portal captive on the subinterface Virtuel Wire.

0 Likes Likes
  • 2330 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks