BOVPN Dynamic NAT to Palo Alto
We have a T45 and our client has Palo Alto. We need remote access to several devices at different locations on their 10.x.x.x LAN (Site B). Due to their security requirements, they want us to configure a BOVPN connection to accomplish this. They will not use our (Site A) 192.168.x.x LAN as the remote IP for the tunnel, so we need to do NAT.
I am thinking Dynamic NAT since connections will only be initiated from Site A and we do not want/need any traffic initiated from Site B.
The WatchGuard configuration is simple enough, but what does it need to be on the Palo Alto side? Their IT thinks that their tunnel and gateway cannot both point to our external IP.
Comments
What will they accept as the remote IP for the tunnel?
They offered a 10.x address/subnet from their network. The WatchGuard way is to use the same external address for the tunnel as the gateway in 'remote to local' configuration.
Unless you use 1-to-1 NAT in the Tunnel setup.