This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Wireless and PA200 homelab access

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Wireless and PA200 homelab access

Go to solution
killboxalpha
L1 Bithead

‎06-10-2017 12:53 PM - edited ‎06-10-2017 12:54 PM

Hi

 

Iam trying to find a good solution to my home and homelab network.

 

i put together a drawing of the current layout.

How can i access mye homelab 10.0.0.0/24 via my wireless 192.168.1.0/24 when i am home?

and how can i access my home 192.168.1.0/24 and homelab 10.0.0.0/24 from vpn client when i am not home ?

do i need a subinterface (the "PA" box is the PA200) or how to i go about this (vlan tagging/trunk ?)

 

Cheers for any input on the issue.

 

Untitled 1.jpg

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
killboxalpha
L1 Bithead

‎06-13-2017 10:26 PM - edited ‎06-13-2017 10:37 PM

so i can choose from these alternatives:

 

 

 

Layer 3

Layer 3 palo alto.jpg

 

 

And there is the subinterface option.

 

 

Palo Alto SubInterfaces.jpg

 

 

 

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
TranceforLife
L6 Presenter

‎06-10-2017 01:37 PM - edited ‎06-10-2017 01:38 PM

If you are at home you don't need VPN in order to access your local resources. If you are connecting from the internet then you most likely will be landed in the separate zone behind the palo (e,g GP ZONE, just a name really). Then based on the security policies you will permit your traffic to the 10.0.0.0/24 and 192.168.1.0/24. Make sure your routing is correct at Layer 3 boundaries as well as palo permit the traffic between the zones

0 Likes Likes

Go to solution
Remo
L7 Applicator

‎06-10-2017 02:08 PM

If the cisco managed switch is a L3-switch: In this case you need to have a route for 10.0.0.0/24 with the cisco managed switch as next hop
If the cisco managed switch is a L2-switch: your topology will probably not work

Why don't you connect your cisco managed switch directly with your PA? On the PA you will need two subinterfaces: one for your homenetwork and one for your lab. This port will be connected to a trunk port on the cisco switch where you will connect an access port to the unmanaged switch for your homenetwork. And in case it is possible (locations of the AP's, enough free ports) you could also connect the AP's to the cisco switch to everything is connected more direct and not in this daisy chain mode.
0 Likes Likes

Go to solution
killboxalpha
L1 Bithead

‎06-13-2017 10:26 PM - edited ‎06-13-2017 10:37 PM

so i can choose from these alternatives:

 

 

 

Layer 3

Layer 3 palo alto.jpg

 

 

And there is the subinterface option.

 

 

Palo Alto SubInterfaces.jpg

 

 

 

0 Likes Likes

Go to solution
Remo
L7 Applicator
In response to killboxalpha

‎06-14-2017 08:42 AM

Exactly. Both of these alternatives look good 😉

  • 1 accepted solution
  • 2504 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks