Global Protect VPN configuration issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect VPN configuration issue

L1 Bithead

Hi Friends,

 

Recently i am facing configuration issue with related to Global Protect.

The customer has an ISP line connected to a router, and from the router, it's connected to a Palo Alto firewall.

Now, the customer wants to use GlobalProtect, and I’ve completed all the basic configurations. However, I am encountering an issue while adding the external gateway.

The problem is that the ISP team has provided two different subnets of IPs: one for LAN and another for Public IPs. The public IPs are configured on the router, and the customer is using the LAN IPs provided by the ISP team to connect the router to the Palo Alto firewall.

Which IP range should I use to make GlobalProtect functional and operational?

 

For reference I am attaching a rough diagram of the topology.

 

Kindly suggest me on how to make it work.

 

Thanks and Regards

Monica Shree3 (3).png

  

1 REPLY 1

Cyber Elite
Cyber Elite

As your Palo don't have access to public IPs you will configure GlobalProtect on interface with IP 10.254.10.2.

In public DNS you need to use real (public) IP for GlobalProtect record.

Principal Architect @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 202 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!