topic Re: site to site VPN on TP-link --- PALO ALTO ---- AWS in General Topics https://live.paloaltonetworks.com/t5/general-topics/site-to-site-vpn-on-tp-link-palo-alto-aws/m-p/467133#M102756 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/194759">@SamuelCardoz</a>&nbsp;,</P> <P>&nbsp;</P> <P>In order to achieve your goal, you need to do all the required configuration at both Palo Alto as well as AWS end to allow communication between</P> <P><SPAN>STORE router/POS1&nbsp;and AWS. Only adding route at Palo Alto end won't help. You can verify traffic logs on palo alto side to see what's going on and decide further actions.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I will recommend&nbsp;you to verify below configurations-</SPAN></P> <P>&nbsp;</P> <P><SPAN>Security Policy&nbsp;</SPAN></P> <P><SPAN>NAT if any</SPAN></P> <P><SPAN>Encryption domains at both sides</SPAN></P> <P><SPAN>Routes at both sides.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 21 Feb 2022 09:17:54 GMT SutareMayur 2022-02-21T09:17:54Z site to site VPN on TP-link --- PALO ALTO ---- AWS https://live.paloaltonetworks.com/t5/general-topics/site-to-site-vpn-on-tp-link-palo-alto-aws/m-p/467113#M102754 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IPSEC S2S store to HO to AWSrev1 .jpg" style="width: 962px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39222i82C43B30C7EFF28A/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="IPSEC S2S store to HO to AWSrev1 .jpg" alt="IPSEC S2S store to HO to AWSrev1 .jpg" /></span></P><P>&nbsp;</P><P>As of now STORE router/POS1 able to reach the head office(PALO ALTO) via site to site VPN and HeadOffice(PAN) to AWS also working via site to site VPN. But our main goal is that POS1/Store able to reach the AWS network. As of the momment POS1 not able to reach the AWS networks. I already tried to add a route on the PAN from Store network going to AWS tunnel but still not working.<BR />Any idea on how i can make it working.&nbsp; Is there any one from the community have this kind of setup.&nbsp;<BR /><BR />Thanks<BR /><BR /></P> Mon, 21 Feb 2022 08:44:57 GMT https://live.paloaltonetworks.com/t5/general-topics/site-to-site-vpn-on-tp-link-palo-alto-aws/m-p/467113#M102754 SamuelCardoz 2022-02-21T08:44:57Z Re: site to site VPN on TP-link --- PALO ALTO ---- AWS https://live.paloaltonetworks.com/t5/general-topics/site-to-site-vpn-on-tp-link-palo-alto-aws/m-p/467133#M102756 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/194759">@SamuelCardoz</a>&nbsp;,</P> <P>&nbsp;</P> <P>In order to achieve your goal, you need to do all the required configuration at both Palo Alto as well as AWS end to allow communication between</P> <P><SPAN>STORE router/POS1&nbsp;and AWS. Only adding route at Palo Alto end won't help. You can verify traffic logs on palo alto side to see what's going on and decide further actions.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I will recommend&nbsp;you to verify below configurations-</SPAN></P> <P>&nbsp;</P> <P><SPAN>Security Policy&nbsp;</SPAN></P> <P><SPAN>NAT if any</SPAN></P> <P><SPAN>Encryption domains at both sides</SPAN></P> <P><SPAN>Routes at both sides.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 21 Feb 2022 09:17:54 GMT https://live.paloaltonetworks.com/t5/general-topics/site-to-site-vpn-on-tp-link-palo-alto-aws/m-p/467133#M102756 SutareMayur 2022-02-21T09:17:54Z