Monday, April 20, 2020

Is IKE ID set by zone on a firewall?

I have a virtual Palo Alto in AWS and the untrust interface has a 10.x.x.x IP address. It also has an elastic public IP assigned by AWS for that untrust interface. I need to build an IPsec VPN to a customer who also uses the entire 10.x.x.x/8 network internally.

Can they set their IKE ID to our 10.x.x.x untrust interface IP in some sort of VPN zone on their firewall so it is segregated from their internal 10.x.x.x/8 network?


