Hi All, A somewhat interesting scenario pre-christmas here. I'm tasked with setting up a site-to-site VPN between a PA3020 and PA-200. The PA-200 will be connecting with PPPoE - which I've never set up before. I have some concerns on this and was wondering if anyone with some experience with a similar scenario can help with these questions:
1. Despite being PPPoE, the provider has given me a static IP to configure on the Outside interface of the PA. My guess is, the PA-200 will always receive this IP if i do it this way. However, when PPPoE is selected on the PA, and a static IP is configure, the interface list doesn't show me the IP address i stated. It still reads as 'Dynamic-PPPoE' (below). This leads me to question 2
2. When configuring my IKE-Gateway, I select the interface to terminate the VPN. Because the interface is seen as 'Dynamic-PPPoE', the IP address on that interface is not available to be selected. The only option I get is 'None'. Can the tunnel still form with the interface address set to 'NONE'?
3. For the other end of the tunnel (the PA3020), will I need to set the Peer type to dynamic since I've been unable to specify an IP address on the PA200 (as per question 2)? Or can the tunnel work if I set the Peer IP as the static address the Provider has 'assigned' to me?
4. Default route: I've asked the provider for a next hop/default route. Their response is that there is usually no requirement for a next hop. My only option at the moment is to choose the outside interface on the Palo and select the next hop as 'None' as well. I'm also ticking the checkbox 'automatically create default route pointing to peer'
Could this cause problems?
Apologies for the long string of questions. I've not worked with PPPoE before and would really just like some clarification
Your assistance is much appreciated.
... View more
