Palo Alto S2S VPN Dynamic Peers

 


In this lab, a loopback interface is used to simulate the local LAN.

HQ


1. Create Gateway



Enable passive mode so that HQ doesn't initiate the VPN connection to this dynamic gateway.




2. Create tunnel interface




3. Create IPsec Tunnel


4. Add static route for branch1 IP/network




5. Security Policy






Branch1

1. Create a GW to represent HQ PA





2. Create a tunnel interface to HQ




3. Create an IPsec tunnel



4. Add a static route to HQ IP/Network


5. Add Security Policies





Add branch2


1. branch2 uses a unique User FQDN as its local ID; the rest of the configuration is the same as branch1.

2. HQ
   2.1 Add a GW for branch2
   2.2 Add IPsec tunnel
   2.3 Add branch2 IP/network to the existing security rule
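Once more than one branch is configured, the two settings this walkthrough depends on at HQ (passive mode on every dynamic gateway, and a unique User FQDN per branch) can be checked mechanically. The script below is an added example, not part of the original lab: it assumes the HQ configuration has been exported in PAN-OS set format, and the gateway names, peer IDs and addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: HQ IKE gateways in set format (names and IDs are made up).
SAMPLE_HQ_CONFIG = """\
set network ike gateway GW-Branch1 peer-address dynamic
set network ike gateway GW-Branch1 protocol-common passive-mode yes
set network ike gateway GW-Branch1 peer-id type ufqdn
set network ike gateway GW-Branch1 peer-id id branch1@lab.example
set network ike gateway GW-Branch2 peer-address dynamic
set network ike gateway GW-Branch2 protocol-common passive-mode no
set network ike gateway GW-Branch2 peer-id type ufqdn
set network ike gateway GW-Branch2 peer-id id branch1@lab.example
set network ike gateway GW-Partner peer-address ip 203.0.113.10
"""

LINE = re.compile(r"^set network ike gateway (\S+) (.+)$")

def parse_gateways(config):
    """Return {gateway name: {setting path: value}} from set-format lines."""
    gateways = defaultdict(dict)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if m and len(m.group(2).split()) >= 2:
            tokens = m.group(2).split()
            gateways[m.group(1)][" ".join(tokens[:-1])] = tokens[-1]
    return dict(gateways)

def audit_dynamic_peers(config):
    """Return sorted findings for gateways whose peer address is dynamic."""
    findings, ids = [], defaultdict(list)
    for name, cfg in parse_gateways(config).items():
        if cfg.get("peer-address") != "dynamic":
            continue  # static-IP peer, outside the scope of this check
        if cfg.get("protocol-common passive-mode") != "yes":
            findings.append(f"{name}: passive mode is not enabled")
        peer_id = cfg.get("peer-id id")
        if peer_id is None:
            findings.append(f"{name}: no peer ID configured")
        else:
            ids[(cfg.get("peer-id type"), peer_id.lower())].append(name)
    for (id_type, peer_id), names in ids.items():
        if len(names) > 1:  # two branches presenting the same ID
            findings.append(f"{', '.join(sorted(names))}: share peer ID {peer_id} ({id_type})")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_dynamic_peers(SAMPLE_HQ_CONFIG)))
```
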




































