This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

VPN Site-to-Site and Global Protect - DynDNS IP WAN DHCP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

VPN Site-to-Site and Global Protect - DynDNS IP WAN DHCP

Metgatz
L4 Transporter

‎07-08-2021 10:58 AM - edited ‎07-08-2021 10:59 AM

Hello, good afternoon everyone, I hope you are very well.

I have a couple of questions, I hope you can clarify and help me.

 

1.- Is it feasible to create a Site-to-Site tunnel between two sites with DYNAMIC IP ? Example using DYNDNS, in both sites, is it feasible to set up a tunnel between these two sites, both with Dynamical IP ?

 

2.- Is it possible to configure Global Protect on a site with DynDNS? Is DynDNS compatible with the configuration of global protect.

 

Thank you very much, I remain attentive, greetings.

High Sticker
0 Likes Likes
4 REPLIES 4

BPry
Cyber Elite
Cyber Elite

‎07-08-2021 11:28 AM

@Metgatz,

1.- Is it feasible to create a Site-to-Site tunnel between two sites with DYNAMIC IP ? Example using DYNDNS, in both sites, is it feasible to set up a tunnel between these two sites, both with Dynamical IP ?

Yup, as long as you configure everything correctly this would work perfectly fine. You would use FQDN on the initiator for the Peer IP Address Type so that it can keep the IP updated and the rest of the setup would be completed as normal.

 

2.- Is it possible to configure Global Protect on a site with DynDNS? Is DynDNS compatible with the configuration of global protect.

Yup, this would work perfectly fine as well.

 

0 Likes Likes

Metgatz
L4 Transporter
In response to BPry

‎07-08-2021 11:40 AM

@BPry 

 

Thank you very much for your response.

One doubt, in the IKE configuration, when you have to specify the local IP, how would you apply this configuration ? As None, no IP is entered on both sites, on both Palo Alto ?

It would be like this the following Link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIGCA0 but both with IP WAN DHCP ?

I remain attentive, thank you very much

 

 

 

 

 

 

Ike_config.JPG

 

 

High Sticker
0 Likes Likes

BPry
Cyber Elite
Cyber Elite

‎07-08-2021 11:58 AM

@Metgatz,

You're using an older release, so you'll want to upgrade. I can't recall if it was added in PAN-OS 9 or 9.1, but newer releases have FQDN as a Peer IP Type when they officially added support for DDNS on the firewall. 

0 Likes Likes

Metgatz
L4 Transporter
In response to BPry

‎07-08-2021 12:38 PM

@BPry 

And on the Local IP side in the IKE configuration, do you still leave it as None, as it appears there ? Since the IP of that interface is Dynamic, is it configured as None in the same way in the recent versions ?

 

nONE.JPG

 

High Sticker
0 Likes Likes
  • 2515 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks