1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access Integration Guide (Panorama Managed)
    5. Onboard Mobile Users and Branch Offices in Mainland China
    6. Onboard Branch Offices in Mainland China to Prisma Access
    7. Configure the Remote Nework in Prisma Access

    Configure the Remote Nework in Prisma Access

    To begin the onboarding of a remote network in mainland China, you onboard the remote network and get the public IP address that Prisma Access Uses for the remote network connection (the
    Service IP Address
    ).
    1. In the Panorama that manages Prisma Access, select
      Network
      Network Profiles
      IKE Crypto
      Add
       and
      Add
       an IKE crypto profile for the IPSec tunnel, if you have not created one already.
      Make sure you have specified the
      Template
       of
      Remote_Network_Template
       before starting this task.
    2. Give the profile a name and specify IKE settings.
      Make a note of these settings; you specify the same settings when you create the IPSec tunnel in the router instance you configure in Alibaba Cloud.
    3. Select
      Network
      Network Profiles
      IPSec Crypto
       and create a new IPSec crypto profile in Panorama, making a note of the settings you specify.
      Skip this step if you have already created an IPSec crypto profile.
    4. Select
      Network
      Network Profiles
      IKE Gateways
       and
      Add
       a new IKE gateway, specifying the following parameters:
      • Specify a
        Version
         of
        IKEv2 only mode
        .
      • Specify a
        Peer IP Address Type
         of
        Dynamic
        .
      • Enter a
        Pre-Shared Key
        .
      • Specify
        User FQDN (email address)
         for
        Local Identification
         and
        Peer Identification
         and enter the IP addresses to use.
    5. Select
      Advanced Options
       and enable
      NAT Traversal
      .
    6. Select
      Network
      IPSec Tunnels
       and
      Add
       an IPSec tunnel, specifying the
      IPSec Crypto Profile
       you just created.
    7. Onboard a new remote network connection in Prisma Access, specifying the following parameters:
      • Select a location that is close to the location of VPC 2.
      • Enter placeholder
        Corporate Subnets
        . You add valid subnets after you deploy the VM-series firewall in Alibaba Cloud.
      • Add one or more
        Static Routes
         to the branch office network.
        You can also use
        BGP
         routing for your deployment.
    8. Commit your changes to Panorama (
      Commit
      Commit to Panorama
      ), then commit and push your changes (
      Commit
      Commit and Push
      ).
    9. Select
      Panorama
      Cloud Services
      Status
      Network Details
       and note the
      Service IP Address
       for the service connections you onboarded.
    10. (
      Optional
      ) If you want to enable redundancy, complete these steps and add another remote network tunnel between Prisma Access and a backup (secondary) customer premises equipment (CPE) at the remote network location. If you create a backup WAN, you must select
      Enable Secondary WAN
       and select the backup tunnel you create during remote network onboarding.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo