https://live.paloaltonetworks.com/t5/general-topics/ping-failed-aged-out/m-p/585268#M116849 <P>Hello friends,</P> <P>&nbsp;</P> <P>I configured site-to-site vpn between two firewalls and the ping from network behind firewall (internal network) to other internal network is failed (timeout) while the traffic shows allowed in the firewall logs. The Tunnel is Up and Green status. The configuration is the same on both firewalls and straightforward.</P> <P>Policy allows all applications</P> <P>No NAT</P> <P>Static route between both sites and Peers are pingable</P> <P>Static route for the internal networks using the Tunnel interface</P> <P>The Tunnel interface does not have ip address</P> <P>Dedicate Zone for the S2SVPN</P> <P>&nbsp;</P> <P>I'm not sure if this is a Routing or Policy issue, but current setting is allowing everything. Please advise if you have seen this scenario before.&nbsp;</P> Tue, 30 Apr 2024 01:01:41 GMT Hayder 2024-04-30T01:01:41Z https://live.paloaltonetworks.com/t5/general-topics/ping-failed-aged-out/m-p/585268#M116849 <P>Hello friends,</P> <P>&nbsp;</P> <P>I configured site-to-site vpn between two firewalls and the ping from network behind firewall (internal network) to other internal network is failed (timeout) while the traffic shows allowed in the firewall logs. The Tunnel is Up and Green status. The configuration is the same on both firewalls and straightforward.</P> <P>Policy allows all applications</P> <P>No NAT</P> <P>Static route between both sites and Peers are pingable</P> <P>Static route for the internal networks using the Tunnel interface</P> <P>The Tunnel interface does not have ip address</P> <P>Dedicate Zone for the S2SVPN</P> <P>&nbsp;</P> <P>I'm not sure if this is a Routing or Policy issue, but current setting is allowing everything. Please advise if you have seen this scenario before.&nbsp;</P> Tue, 30 Apr 2024 01:01:41 GMT https://live.paloaltonetworks.com/t5/general-topics/ping-failed-aged-out/m-p/585268#M116849 Hayder 2024-04-30T01:01:41Z https://live.paloaltonetworks.com/t5/general-topics/ping-failed-aged-out/m-p/585306#M116855 <P>did you also set a route for the remote network to egress into the tunnel interface on both sides:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="reaper_0-1714467041615.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59349i3F2D4511FF78074E/image-size/large?v=v2&amp;px=999" role="button" title="reaper_0-1714467041615.png" alt="reaper_0-1714467041615.png" /></span></P> <P>&nbsp;</P> <P>are you seein gthe ping arrive on the remote side? if you do, look at the session details if the next hop interface is the correct one etc</P> <P>&nbsp;</P> Tue, 30 Apr 2024 08:51:46 GMT https://live.paloaltonetworks.com/t5/general-topics/ping-failed-aged-out/m-p/585306#M116855 reaper 2024-04-30T08:51:46Z https://live.paloaltonetworks.com/t5/general-topics/ping-failed-aged-out/m-p/585383#M116871 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp; Thank you for your response. There was a network issue and firewall configuration was fine.&nbsp;</P> Tue, 30 Apr 2024 17:22:06 GMT https://live.paloaltonetworks.com/t5/general-topics/ping-failed-aged-out/m-p/585383#M116871 Hayder 2024-04-30T17:22:06Z