Best video for VPN site-to-site configuration.
Thank you 👍
Hello, I'm new in here.
7:08 What if there's a router between the Palos? What's the peer IP?
Also, what config is needed in the router besides setting the IP and routing so that the VPN site-to-site works?
In that case the peer IP could not be on the same network.
But the ultimate purpose will be the same: the peer IP should be reachable, and make sure routes are in place at the intermediate routers.
Good session; however, I have an input or query. While configuring the static routes (explained during the 16:00-19:00 min timestamp) you ended up configuring it for a VPC IP.
My question is: in real time, you would never know the VPC IP address on the other side. You should have configured it on the public-facing IP and then created a route to the target VPC.
Please let me know your thoughts on this.
If you are talking about the static route for the tunnel, it is not just the VPC IP of a machine but the whole subnet of the other side.
So all the traffic towards the complete subnet will be forwarded towards the tunnel, get encrypted and be delivered on the other site.
I hope I understood your question correctly. If not, please ask again re-iterating 🙂
Good explanation, thanks sir...
Thank you ☺️
What configuration is needed if the PA firewall sits behind the router (NAT)? NAT-T enabled in Palo Alto. Are there any changes required in the Cisco 7200 router? Please suggest.
If NAT is happening in between the VPN path, you may have to enable port 4500 as well.
By default UDP port 500 is used for IKE, but in case of NAT-T in between it uses 4500.
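As an added example that is not part of the video or of any comment above: a small Python classifier for the UDP payloads a packet capture on ports 500 and 4500 would show once NAT-T is in play, using the RFC 3948 non-ESP marker to tell IKE from ESP-in-UDP. The sample datagrams are constructed for the demo, not captured traffic.

```python
"""Classify UDP payloads seen on the IKE and NAT-T ports (500 and 4500).

Added example, not from the video or comments. With NAT in the VPN path, IKE
moves from UDP/500 to UDP/4500 and ESP is carried inside UDP/4500 too (RFC
3948). On port 4500 an IKE message is prefixed with a 4-byte zero "non-ESP
marker"; an ESP packet starts with its non-zero SPI. Samples are constructed.
"""
import struct

IKE_PORT, NAT_T_PORT = 500, 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"
IKE_HDR = struct.Struct("!QQBBBBII")  # 28-byte ISAKMP/IKE header (RFC 7296 s.3.1)


def classify(dst_port: int, payload: bytes) -> str:
    """Return 'ike', 'ike-nat-t', 'esp-udp', 'nat-keepalive' or 'unknown'."""
    if dst_port == IKE_PORT:
        return "ike" if len(payload) >= IKE_HDR.size else "unknown"
    if dst_port != NAT_T_PORT:
        return "unknown"
    if payload == b"\xff":                       # NAT-keepalive: a single 0xFF octet
        return "nat-keepalive"
    if payload.startswith(NON_ESP_MARKER):       # marker followed by a full IKE header
        return "ike-nat-t" if len(payload) >= 4 + IKE_HDR.size else "unknown"
    return "esp-udp" if len(payload) >= 8 else "unknown"   # SPI + sequence number


def ike_header(payload: bytes) -> dict:
    """Parse the IKE header, skipping the non-ESP marker when present."""
    if payload.startswith(NON_ESP_MARKER):
        payload = payload[4:]
    ispi, rspi, _nxt, version, exch, _flags, msg_id, length = IKE_HDR.unpack(payload[:IKE_HDR.size])
    return {"major": version >> 4, "minor": version & 0x0F, "exchange": exch,
            "initiator_spi": ispi, "responder_spi": rspi, "message_id": msg_id, "length": length}


# Constructed sample datagrams: (destination UDP port, payload)
IKE_SA_INIT = IKE_HDR.pack(0x1122334455667788, 0, 33, 0x20, 34, 0x08, 0, IKE_HDR.size)
ESP_UDP = struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 40      # SPI, seq, ciphertext
SAMPLES = {
    "ike_plain": (IKE_PORT, IKE_SA_INIT),                       # peers directly reachable
    "ike_nat_t": (NAT_T_PORT, NON_ESP_MARKER + IKE_SA_INIT),    # IKE after NAT detection
    "esp_udp": (NAT_T_PORT, ESP_UDP),                           # encrypted tunnel traffic
    "keepalive": (NAT_T_PORT, b"\xff"),                         # keeps the NAT mapping alive
}


def classify_all(samples: dict = SAMPLES) -> dict:
    """Map each sample name to its classification."""
    return {name: classify(port, data) for name, (port, data) in samples.items()}
```

Run `classify_all()` to see all four sample kinds, and `ike_header(SAMPLES["ike_nat_t"][1])` to confirm the marker is stripped before the IKEv2 header (version 2.0, exchange 34 = IKE_SA_INIT) is read.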
Hi Sir,
we didn't configure anything here for return traffic?
Palo Alto is a flow-based firewall.
Outstanding sir
Thanks mate
Hi sir.. can you explain modes, IKE, IPsec parameters, and give more troubleshooting commands and packet captures? It will help.
Sure mate, will try to cover.....
That was so awesome. Thanks sir
Glad you liked it!