I am working on a migration- ASA to Palo. ASA has muliple remote access vpn's setup - all terminating on outside interface ip address. For example, a RA vpn for employees - authenticating against AD, another for contractors- user accounts created locally on ASA. The IP Pool is different in call instances.
Now, I want to create a like for like RA vpn setup on Palo. I understand I can use physical interface public ip address for my portal and 1st gateway.
Question: what about the second gateway? can it be created utilizing the same public ip address so that whether it's an employee or contractor- they all connect to the same public IP address- and depending on how they authenticate they get different access? I will need multiple gateways so as to define 1. first gateway- authenticate via AD, second via LOCAL accounts created on the firewall. Apologies, I am somewhat new to Palo Alto firewalls and this is my 1st projet.
... View more