Hi guys.
GOAL:
I have an office in India with several users. They need to access a server in Azure that sits behind Virtual PA using Global Protect.
I have successfully setup an IPSec Tunnel between my On-prem PA and an Azure PA, however, I am not passing any traffic in either direction.
I suspect I might be over simplifying this deployment. I chose the "2-Arm" PA deployment in Azure. This gave me 3 Interfaces for which I had to define 3 subnets as shown in the image above.
This is a new concept for me. I am used to a single Internal subnet NAT'd out to a Public IP.
I feel like I am missing components for this deployment and that a "Single-Arm" Azure VM deployment is probably what I need.
Regardless, if anyone has some input they can provide, please let me know, I would greatly appreciate it.
Thanks!
As I am new to Palo Atlo's in Azure, it is important to note that the "outside" Interface is not assigned a Public IP address in the IKE Gateway settings as shown below. Since Azure associates a Public IP to your (non-routable) IP address, but routable in Azure if that makes sense, it it left blank. Typically you would have a Public IP assigned directly to your "outside" interface. After setting the interface to "None" as shown below, traffic started flowing.
