Agenda
1. Create L3 VPN zone on PA1-HQ
2. Create Object of Tunnel IP address
3. Create Tunnel Interface & assign VPN zone, Virtual Router & Tunnel IP address
4. Create Phase-I policy
5. Create Phase-II policy
6. Create IPsec Tunnel
7. Add Static Route for interesting Traffic passing through Tunnel
8. PA2-BRANCH Configuration
9. Verifications
SITE TO SITE VPN TOPOLOGY
1. Create L3 VPN zone on PA1-HQ
Network>Zones>Add
2. Create Object of Tunnel IP address
Object>Addresses>Add
3. Create Tunnel Interface & assign VPN zone, Virtual Router & Tunnel IP address
Network>Interfaces>Tunnel>Add
4. Create Phase-I policy
Note: To configure Phase-1 parameters, IKE Crypto and IKE Gateway are required.
Network> Network Profiles> IKE Crypto>Add
Phase-1 policy continued
Network> Network Profiles> IKE Gateways>Add
5. Create Phase-2 policy
Network> Network Profiles> IPSec Crypto>Add
6. Create IPsec Tunnel
Network> IPSec Tunnels> Add
7. Add Static Route for interesting Traffic passing through Tunnel
Commit all the changes
8. PA2-BRANCH CONFIGURATION
The Branch firewall now needs an exact mirror of this configuration, with only the destination IP addresses changed.
Prerequisites
• Configure MGMT Interface
• Configure LAN & WAN interfaces with all parameters
• Check connectivity between WAN interface of PA2-Branch & PA1-HQ
A. Create L3 VPN zone on PA2-BR
Network>Zones>Add
B. Create Object of Tunnel IP address
Object>Addresses>Add
C. Create Tunnel Interface & assign VPN zone, Virtual Router & Tunnel IP address
D. Create Phase-I policy
Note: To configure Phase-1 parameters, IKE Crypto and IKE Gateway are required.
Network> Network Profiles> IKE Crypto>Add
Phase-1 policy continued
Network> Network Profiles> IKE Gateways>Add
E. Create Phase-2 policy
Network> Network Profiles> IPSec Crypto>Add
F. Create IPsec Tunnel
Network> IPSec Tunnels> Add
G. Add Static Route for interesting Traffic passing through Tunnel
I. Add Default Route towards Outside network
II. Add route for 10.11.11.0/24 through tunnel GW as 10.30.30.1
Commit all the changes
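
The mirroring requirement for the two firewalls can be checked before commit. The following is an added example, not part of the original slides: it compares both peers' settings, held as plain Python dictionaries, and reports where they fail to mirror each other. Only 10.11.11.0/24 and 10.30.30.1 come from the slides; the WAN addresses, branch LAN, branch tunnel IP and crypto values are constructed assumptions.

```python
import ipaddress

# Constructed sample data. Only 10.11.11.0/24 and 10.30.30.1 are from the
# slides; WAN IPs, branch LAN, branch tunnel IP and crypto values are assumed.
CRYPTO = {"enc": "aes-256-cbc", "hash": "sha256", "dh": "group14"}
PA1_HQ = {
    "name": "PA1-HQ", "wan_ip": "192.0.2.1", "peer_ip": "192.0.2.2",
    "tunnel_ip": "10.30.30.1/24", "lan": "10.11.11.0/24",
    "ike": dict(CRYPTO), "ipsec": dict(CRYPTO),
    "routes": {"10.22.22.0/24": "10.30.30.2"},
}
PA2_BRANCH = {
    "name": "PA2-BRANCH", "wan_ip": "192.0.2.2", "peer_ip": "192.0.2.1",
    "tunnel_ip": "10.30.30.2/24", "lan": "10.22.22.0/24",
    "ike": dict(CRYPTO), "ipsec": dict(CRYPTO),
    "routes": {"10.11.11.0/24": "10.30.30.1"},
}

def check_mirror(a, b):
    """Return a list of mismatches between two site-to-site VPN peers."""
    errs = []
    ta = ipaddress.ip_interface(a["tunnel_ip"])
    tb = ipaddress.ip_interface(b["tunnel_ip"])
    if ta.network != tb.network or ta.ip == tb.ip:
        errs.append("tunnel IPs must be distinct hosts in one subnet")
    # Phase-1 (ike) and Phase-2 (ipsec) proposals must be identical on both sides.
    for key in ("ike", "ipsec"):
        if a[key] != b[key]:
            fields = a[key].keys() | b[key].keys()
            diff = sorted(f for f in fields if a[key].get(f) != b[key].get(f))
            errs.append(f"{key} proposal differs: {', '.join(diff)}")
    # Each side must point at the other's WAN IP and route the other's LAN
    # through the other's tunnel IP.
    for me, peer in ((a, b), (b, a)):
        if me["peer_ip"] != peer["wan_ip"]:
            errs.append(f"{me['name']}: IKE peer is not {peer['name']}'s WAN IP")
        hop = me["routes"].get(peer["lan"])
        if hop != str(ipaddress.ip_interface(peer["tunnel_ip"]).ip):
            errs.append(f"{me['name']}: no route to {peer['lan']} via peer tunnel IP")
    return errs

if __name__ == "__main__":
    print(check_mirror(PA1_HQ, PA2_BRANCH) or "peers mirror each other")
```
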
Verifications
The tunnel is up, as shown by the green status indicators.
Phase-1 tunnel CLI verification
Phase-2 tunnel CLI verification