https://live.paloaltonetworks.com/t5/general-topics/tunnel-status-red-aws-pan-to-onprem-pan/m-p/585750#M116908 <P>Generate traffic on AWS side and then check System logs on Palo.</P> <P>You can use filter below to see only VPN events.</P> <P>( subtype eq vpn)</P> <P>&nbsp;</P> <P>Do you have NAT-T enabled on IKE gateway? (IP on your side is not public IP).</P> <P>Does it work if you delete proxy id's on Palo side?</P> <P>&nbsp;</P> Fri, 03 May 2024 13:00:25 GMT Raido_Rattameister 2024-05-03T13:00:25Z https://live.paloaltonetworks.com/t5/general-topics/tunnel-status-red-aws-pan-to-onprem-pan/m-p/585725#M116900 <P>Hi Guys,</P> <P>&nbsp;</P> <P>Need your help, as I cannot figured out what's wrong with my configuration. Both side of my Phase 1 are working fine but when it comes to Phase 2 connection is not complete. Any idea how to fix this issue?</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MCipriano_0-1714708155306.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59504iE5D6F20E0DF221FA/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="MCipriano_0-1714708155306.png" alt="MCipriano_0-1714708155306.png" /></span></P> <P>Here is my AWS PAN configuration. Please note that my local IP is a private IP address which is I think due to being a VM PAN but I associate it an Elastic IP address. But when I used the elastic ip address as a local ip address ike status got down.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MCipriano_1-1714708264907.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59505iCECDC550650C5E8D/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="MCipriano_1-1714708264907.png" alt="MCipriano_1-1714708264907.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MCipriano_2-1714708425551.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59506iD2C2D4D83196009C/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="MCipriano_2-1714708425551.png" alt="MCipriano_2-1714708425551.png" /></span></P> <P>&nbsp;</P> <P>Thank you in advance for your assistance.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 03 May 2024 06:07:23 GMT https://live.paloaltonetworks.com/t5/general-topics/tunnel-status-red-aws-pan-to-onprem-pan/m-p/585725#M116900 M.Cipriano 2024-05-03T06:07:23Z https://live.paloaltonetworks.com/t5/general-topics/tunnel-status-red-aws-pan-to-onprem-pan/m-p/585750#M116908 <P>Generate traffic on AWS side and then check System logs on Palo.</P> <P>You can use filter below to see only VPN events.</P> <P>( subtype eq vpn)</P> <P>&nbsp;</P> <P>Do you have NAT-T enabled on IKE gateway? (IP on your side is not public IP).</P> <P>Does it work if you delete proxy id's on Palo side?</P> <P>&nbsp;</P> Fri, 03 May 2024 13:00:25 GMT https://live.paloaltonetworks.com/t5/general-topics/tunnel-status-red-aws-pan-to-onprem-pan/m-p/585750#M116908 Raido_Rattameister 2024-05-03T13:00:25Z https://live.paloaltonetworks.com/t5/general-topics/tunnel-status-red-aws-pan-to-onprem-pan/m-p/585840#M116930 <P>Hi,</P> <P>&nbsp;</P> <P>I already resolved the issue. Anyway, thanks for the response.</P> Mon, 06 May 2024 06:28:02 GMT https://live.paloaltonetworks.com/t5/general-topics/tunnel-status-red-aws-pan-to-onprem-pan/m-p/585840#M116930 M.Cipriano 2024-05-06T06:28:02Z