So, I am migrating a PA3050 to an ASA5506-X because the customer doesn't have enough in house expertise to continue with the Palo Alto firewall. I noticed a few things about the PA firewall, such as loopback addresses that have a public IP in the same subnet as the outside interface. They are using these IP addresses as IKE Gateways. Coming from Cisco world, I am not 100% familiar with this concept. I have seen it referenced in Juniper documentation and some Palo Alto, but Cisco makes no reference to it as far as I can tell. Not 100% sure why this is necessary; anyone have input on this?
No comments:
Post a Comment