IPsec Site-to-Site VPN Palo Alto and Cisco Router
First create a tunnel interface on Palo-Alto Firewall Side, assign to the proper virtual router and security Zone as VPN.
Now create the Crypto Profile under the Network tab
Route towards the Interesting traffic via the Tunnel Interface.
Create policy to allow traffic from VPN Zone to the DMZ network and to allow Peer IP Traffic on the interface connected to the Peer
Cisco Config
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28000
crypto isakmp key cisco address 10.10.10.1
!
!
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
!
crypto map MYMAP 10 ipsec-isakmp
set peer 10.10.10.1
set transform-set MYSET
match address 100
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.0
duplex auto
speed auto
crypto map MYMAP
!
access-list 100 permit ip 1.1.1.0 0.0.0.255 192.168.15.0 0.0.0.255 log
First create a tunnel interface on Palo-Alto Firewall Side, assign to the proper virtual router and security Zone as VPN.
Now create the Crypto Profile under the Network tab
Route towards the Interesting traffic via the Tunnel Interface.
Create policy to allow traffic from VPN Zone to the DMZ network and to allow Peer IP Traffic on the interface connected to the Peer
Cisco Config
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28000
crypto isakmp key cisco address 10.10.10.1
!
!
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
!
crypto map MYMAP 10 ipsec-isakmp
set peer 10.10.10.1
set transform-set MYSET
match address 100
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.0
duplex auto
speed auto
crypto map MYMAP
!
access-list 100 permit ip 1.1.1.0 0.0.0.255 192.168.15.0 0.0.0.255 log
Hey, it is so helpful post. Well, I am new to VPN and recently I have been planning to buy a paid service but not able to decide on any services. So it will be good if you can share a list of best vpn 2017. Looking forward to your reply.
ReplyDeletePlease check the link
Deletehttp://in.pcmag.com/software/38911/guide/the-best-vpn-services-of-2017, if this is something you were looking for
This is very educational content and written well for a change. It's nice to see that some people still understand how to write a quality post! surfshark free trial
ReplyDeleteYou have done a great job on this article. It’s very readable and highly intelligent. You have even managed to make it understandable and easy to read. You have some real writing talent. Thank you. vpn for torrenting
ReplyDelete