VPN Site-to-Site and Global Protect - DynDNS IP WAN DHCP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN Site-to-Site and Global Protect - DynDNS IP WAN DHCP

L4 Transporter

Hello, good afternoon everyone, I hope you are very well.

I have a couple of questions, I hope you can clarify and help me.

 

1.- Is it feasible to create a Site-to-Site tunnel between two sites with DYNAMIC IP ? Example using DYNDNS, in both sites, is it feasible to set up a tunnel between these two sites, both with Dynamical IP ?

 

2.- Is it possible to configure Global Protect on a site with DynDNS? Is DynDNS compatible with the configuration of global protect.

 

Thank you very much, I remain attentive, greetings.

High Sticker
4 REPLIES 4

Cyber Elite
Cyber Elite

@Metgatz,

1.- Is it feasible to create a Site-to-Site tunnel between two sites with DYNAMIC IP ? Example using DYNDNS, in both sites, is it feasible to set up a tunnel between these two sites, both with Dynamical IP ?

Yup, as long as you configure everything correctly this would work perfectly fine. You would use FQDN on the initiator for the Peer IP Address Type so that it can keep the IP updated and the rest of the setup would be completed as normal.

 

2.- Is it possible to configure Global Protect on a site with DynDNS? Is DynDNS compatible with the configuration of global protect.

Yup, this would work perfectly fine as well.

 

@BPry 

 

Thank you very much for your response.

One doubt, in the IKE configuration, when you have to specify the local IP, how would you apply this configuration ? As None, no IP is entered on both sites, on both Palo Alto ?

It would be like this the following Link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIGCA0 but both with IP WAN DHCP ?

I remain attentive, thank you very much

 

 

 

 

 

 

Ike_config.JPG

 

 

High Sticker

Cyber Elite
Cyber Elite

@Metgatz,

You're using an older release, so you'll want to upgrade. I can't recall if it was added in PAN-OS 9 or 9.1, but newer releases have FQDN as a Peer IP Type when they officially added support for DDNS on the firewall. 

@BPry 

And on the Local IP side in the IKE configuration, do you still leave it as None, as it appears there ? Since the IP of that interface is Dynamic, is it configured as None in the same way in the recent versions ?

 

nONE.JPG

 

High Sticker
  • 2558 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!