Hello, I have to set up a Site-to-Site VPN so our users can access some resources on a client's network. As we have a lab firewall here, another Palo Alto, I set up a test between our production and lab firewalls. This worked and I was able to connect.

For the actual connection to the client, their side is a Cisco ASA. I provided our peer IP (public IP) and the internal subnet on my end from which to expect the tunnel traffic, 192.168.8.0/21. They informed me that this range is already in use for another client. From there I researched what could be done to make this work. I came across this link, https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSGCA0, and that all made sense. I went back to the client to inform them of the new subnet, 10.8.0.0/21, and they again said it's in use. I asked if any 172.16. networks could be used and they said no, and that I should use a public IP for PAT instead of an alternative private range.

My question is: can I re-use the public IP address that is being used in the existing NAT/PAT rule for internet access to PAT the connections going through the client tunnel? Will this affect the non-tunnel traffic? I am trying to simulate this in the lab set-up, but wanted to see if anyone has configured a Site-to-Site VPN in this manner. Thanks in advance for any advice.