01-08-2021 05:08 AM - edited 01-08-2021 05:08 AM
I am looking at setting up a remote access VPN on a PA220. The idea, however, is that the user would have concurrent access to a server at the PA220's site as well as servers at another site that the PA220 has an IPSEC VPN with.
In case this isn't clear.... the WAN interface of the PA220 would service both the remote access vpn and the ipsec site-to-site vpn.
I am assuming that the vpn client's ip address would have to be in the scope of the VPN configuration. And some NAT exceptions in place.
1). Is this possible?
2). What is this called? (hopefully I can use that to find a configuration guide).
3). Does this require a specific license?
Any other tips / issues / caveats to be aware of?
01-08-2021 05:55 AM
We did something similar when we were waiting on a new device to be delivered. You should not have any issues with differentiating the traffic. On ours, the zones are assigned to the tunnel interface for each of the tunnels and a different zone applied to the user VPN compared to the IPSec tunnels. It really is not much different than having multiple tunnels to sites where you want different rules for each tunnel.
That is a very simple answer, but when we did it, it really was not complicated at all.
2) Not sure if there is a term for it.
3) It does not require a different license than the GlobalProtect license, and that might not be required depending on how you are using GP.
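An added example (not part of either post, and not Palo Alto Networks' own documentation) sketching the zone layout the reply describes, in PAN-OS set-command form. All names, tunnel unit numbers and subnets are constructed, the `#` lines are annotations rather than CLI input, and the GlobalProtect gateway and the IPsec tunnel are assumed to be already configured and bound to tunnel.10 and tunnel.20.

```text
# Constructed values: GlobalProtect client pool 10.99.0.0/24, local server 10.1.0.10,
# remote-site network 10.2.0.0/16, virtual router "default", zone TRUST for the local LAN.

# One tunnel interface per VPN type, both in the same virtual router
set network interface tunnel units tunnel.10 comment "GlobalProtect gateway"
set network interface tunnel units tunnel.20 comment "IPsec to remote site"
set network virtual-router default interface [ tunnel.10 tunnel.20 ]

# Separate zones, so the user VPN and the site-to-site tunnel each get their own rules
set zone GP-USERS network layer3 tunnel.10
set zone S2S-VPN network layer3 tunnel.20

# Route the remote-site network into the site-to-site tunnel
set network virtual-router default routing-table ip static-route to-remote-site destination 10.2.0.0/16 interface tunnel.20

# Remote users to the server at the PA220's own site
set rulebase security rules GP-to-local from GP-USERS to TRUST source 10.99.0.0/24 destination 10.1.0.10 application any service application-default action allow

# Remote users to the servers behind the site-to-site tunnel
set rulebase security rules GP-to-remote from GP-USERS to S2S-VPN source 10.99.0.0/24 destination 10.2.0.0/16 application any service application-default action allow
```

The remote peer also needs a route back to the client pool through the tunnel, and where the tunnel uses proxy IDs the pool has to be covered by them. If GlobalProtect uses split tunneling, both destination networks must be in the gateway's access routes.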