#PaloAltoTraining

  Views: 10,794

Bikash's Tech

A day ago

Hi Friends,
Please check out my new detailed video on How to Configure VPN in a Site to Site VPN with Overlapping Networks. If you like this video, give it a thumbs up and subscribe to my channel for more videos. If you have any questions, put them in the comment section.
Palo Alto VPN videos
VPN configuration : • #PaloAltoTraining | DA...
Ikev1 Packet Capture and Negotiation : • #PaloAltoTraining | DA...
Palo alto Playlist
• #PaloAltofirewallTrain...
Facebook group URL
/ 197882327937667
Please find the link below for downloading images of network devices and EVE-ng file
drive.google.c...
Recommended system configuration below to run the EVE-NG lab smoothly
Please Buy with our Affiliate Link (India and US)
(India)
Intel® Core™ i7-9700K Processor amzn.to/2TtGpul
ASUS ROG Strix Z390-F Gaming Motherboard LGA1151 amzn.to/3jxSSrr
Corsair Vengeance LPX 32GB (2x16GB) 3200MHz amzn.to/3mmQLIP
Gigabyte AORUS GeForce RTX 2080 amzn.to/34vtkqx
OR
ZOTAC Gaming GeForce RTX 2060 amzn.to/3jxBdzY
LG 27GL83A-B 27 Inch Ultragear QHD IPS amzn.to/31Hke8g
Corsair RMX Series, RM750x amzn.to/2TokxAq
(US)
Intel Core i7-9700K Desktop Processor amzn.to/3dZFT0s
ASUS ROG Strix Z390-F Gaming Motherboard LGA1151 amzn.to/2J16Lli
Corsair Vengeance LPX 32GB (2x16GB) 3200MHz amzn.to/2ToAd6T
Gigabyte AORUS GeForce RTX 2080 amzn.to/3dVrBOw
OR
ZOTAC Gaming GeForce RTX 2060 amzn.to/3oqOyxP
LG 27GL83A-B 27 Inch Ultragear QHD IPS amzn.to/37J73Yw
Corsair RMX Series, RM750x amzn.to/37Mf7rk
Please follow me on the networks below for more updates
Instagram : / bikashtech
Twitter : / bikashshaw82
E-mail ID : bikashshaw261@gmail.com
#Paloaltotraining #Paloaltofirewall #bikashtech

Comments: 29
@chandu0771 1 year ago
Tq, before seeing this video I didn't know whether there was a way to overcome IPsec network overlapping. Now I have complete knowledge of IPsec, tq so much.
@marrr7611 2 months ago
Your videos are awesome my friend! I sent you some money the other day.
@macs2989 3 years ago
Awesome scenario Bikash... really this should have wonderful game playing with NAT. And great job Bikash, you deserve it. God bless you...
@issamzgybi9761 1 year ago
You are the best, this scenario helped me a lot at a professional level, thanks a lot.
@rathodv16 3 years ago
Very nicely explained the complex thing in a simple way.
@BikashsTech 3 years ago
Thank you 😊
@amarjeetkumar8735 2 years ago
Nice!! What about the 2nd case where the policy NAT option is unable in company B? So twice NAT needs to be configured.
@user-gi1lu1og2m 6 months ago
Thanks bro
@Gabru-RJ 10 months ago
In NAT Site1-to-site 2 you've configured source and destination NAT with bidirectional. Then why do we need Site2-to-site1 NATting? I think bidirectional NAT will work if traffic is generated through site 2. Please correct me if I am wrong.
@mh63111 3 years ago
Very good explanation..!!
@jagatjyoti1 4 months ago
Doubt: Do we really need the 2nd access policy from outside to inside (100.1.2.1 to 100.1.1.1)? In ASA, VPN traffic is exempted from ACL filtering on the outside interface with the "sysopt vpn traffic" command. However, let's say it is needed; then why do we put the NAT IP of the inside zone as the destination in the rule rather than the original subnet (10.1.1.0/24)? As we know, the policy lookup happens after the destination NAT lookup. So after the destination NAT lookup it will be changed to 10.1.1.0, and the policy will check for the destination as 10.1.1.0, not 100.1.1.0/24.
@kevins6886 3 years ago
Thanks, plz do some more such labs.
@jagadeeshg4 3 years ago
Can you please explain this by comparing it to the life of a packet flow in Palo Alto? Basically, for return traffic (100.1.2 to 100.1.1), first it will look for destination NAT, as there is DNAT 100.1.1 to 10.1.1, but then it will check the security policy, in which there is no policy allowed from outside to inside with source 100.1.2 to 10.1.1, right? Can you please answer this doubt? Am I missing anything?
@sanchitjain0007 3 years ago
I have the same doubt. When DNAT is checked first, the second rule should have the real IP address.
@vivekprajapati7911 3 years ago
great...
@ManojKumar-ju1dz 1 year ago
Hello sir, many videos are missing; please add the missing Palo Alto videos.
@sanchitjain0007 3 years ago
Hi Bikash, great videos. Thank you for them. Please help me understand: if we are doing the static NAT, why we are the whole network instead of a single IP?
@Faithhh071 3 years ago
At 24:07 your 2nd NAT rule is wrong. The destination zone is still the outside because it's not translated yet. What security zone did you put 100.1.1.0 and 100.1.2.0 in?
@sanchitjain0007 3 years ago
Also, if we are enabling bidirectional NAT in the first rule, why do we need another NAT?
@sandeepbhatt8454 3 years ago
Also, we are consuming an entire /24 block of public IPs.
@shivsankar455 2 years ago
You are right
@Faithhh071 2 years ago
@shivsankar455 I actually wasn't right. For a moment think of a classic port-forwarding NAT rule you've added. E.g. webserver 443/tcp translated to an internal address. Your destination zone would still be the outside zone (WAN). And the translated address would belong to an internal zone (DMZ). That's because those who are visiting your webserver do NOT know of the internal addresses. And they are visiting using the WAN address. But with this IPSEC example, there are static routes in place for the internal addresses, so the destination zone is just your internal zone (LAN) and not the outside zone. The bidirectional option isn't needed. You've already created two rules in both directions. The bidirectional option never worked properly for me if you filled in the destination address values. It's just better to create two separate rules without that option.
@marrr7611 2 months ago
Do you have a video on how to configure a Windows PC on EVE-NG? I tried with a Windows 11 virtual PC, but the hard drive size of the VM needs to be 80g and it would consume the hard drive space that I allocated for the EVE-NG environment. I had to increase the size of the EVE-NG hard disk a couple of times to accommodate the virtual Windows PC. What do you recommend as the best image to use in EVE-NG, one which is the lightest and does not consume much disk space?
@BikashsTech 2 months ago
Hello Marrr, you can follow this video (kzbin.info/www/bejne/hKuXlpqgnrV3p6c). For EVE-NG I have allocated a 500GB SSD; actually images and labs take more space.
@sunilsehrawatsunilsehrawat858 3 years ago
👍👌
@sunilsehrawat1407 3 years ago
Great work done by you bro, can you upload one video for site-to-site VPN failover in Palo Alto?
@shivsankar455 2 years ago
Hi, from where do you get the 100 subnet? That part is confusing.
@omidsassani5208 8 months ago
So many wrong IPs explained on the screen starting at 7:00. Please pre-check your content before you start recording.
@RW0415 7 months ago
Yes same observation regarding sip and dip