02-05-2024 01:35 PM
for a client, i created these many tunnel interfaces for each of their sites. Now, for all these sites, they have 2-3 public ip addresses(for failover purposes). So, will i have to create new tunnel interfaces or should I just create new Ike gateways and ipsec tunnels and point them to the tunnels which I created earlier(shown on the screenshot below)? Please help
02-05-2024 02:46 PM
Hello,
I think your answer would depend on how you plan to use the tunnel interfaces. You can assign multiple IP's to a singe interface. However for me, I use the interfaces for OSPF routing and to see if the tunnel is up, via 3rd party monitoring since the tunnels connect via different providers.
Regards,
02-06-2024 09:51 AM
I want to know how to configure policy based site to site VPN from our Palo Alto to a site which has a watchguard firewall and has 3 public ip addresses(used for failover).
02-06-2024 10:05 AM
Hello,
Is a watchguard a route based or zone based firewall? Palo Alto is route based.
Regards,
02-06-2024 10:28 AM
I am not sure about that. That is on the client's side.
02-06-2024 10:32 AM
I am just configuring on panorama. I have already configured VPN to their primary public IP. I am not sure if I can point the same tunnel to the newly created ike gateways and ipsec tunnels for their branch sites.
02-06-2024 10:37 AM
Hello,
You should be able to, however make sure your routing is set so that its not going to use multiple tunnels unless you are using ECMP.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
