BGP issue between On-pre PA and Azure via a site to site VPN

Reply
L0 Member

BGP issue between On-pre PA and Azure via a site to site VPN

I am trying to setup Azue site to site VPN with BGP. IPsec tunnel came up successfully and I can ping from PA BGP Peer IP to Azure BGP peer IP. However, BGP session can not be established. It gets stuck in connect state. I have been reseraching Azure VPN with BGP example in the Inernet but I could not find any example. PA BGP is compatble with Azure BGP?

 

admin@IaaS-AJWS-PA01(active)> ping source 192.168.123.100 host 10.20.254.254
PING 10.20.254.254 (10.20.254.254) from 192.168.123.100 : 56(84) bytes of data.
64 bytes from 10.20.254.254: icmp_seq=1 ttl=127 time=15.3 ms
64 bytes from 10.20.254.254: icmp_seq=2 ttl=127 time=15.1 ms
64 bytes from 10.20.254.254: icmp_seq=3 ttl=127 time=15.3 ms

 

PA version is 7.1.14

 

==========
Peer: Azure-East2 (id 16)
virtual router: default
Peer router id: 0.0.0.0
Remote AS: 65515
Peer group: PG-Azure-East2 (id 9)
Peer status: Connect, for 0 seconds
Password set: no
Passive: no
Multi-hop TTL: 5
Remote Address: 10.20.254.254
Local Address: 192.168.123.100
(R) reflector client: not-client
same confederation: no
send aggr confed as-path: yes
peering type: Unspecified
Connect-Retry interval: 15
Open Delay: 0
Idle Hold: 15
Prefix limit: 5000
Holdtime: 0 (config 90)
Keep-Alive interval: 0 (config 30)
Update messages: in 0, out 0
Total messages: in 0, out 1204
Last update age: 152880
Last error:
Flap counts: 4256, established 0 times
(R) ORF entries: 0
Nexthop set to self: no
use 3rd party as next-hop: yes
override nexthop to peer: no
----------
remove private AS number: no
----------

L5 Sessionator

Re: BGP issue between On-pre PA and Azure via a site to site VPN

BGP is BGP and it is compatible. I suggest to trouble shoot it as you would troubleshoot a physical device attempting to establish a BGP peer relationship that is getting stuck in a connect state. 

L0 Member

Re: BGP issue between On-pre PA and Azure via a site to site VPN

We upgareded the PAN from 7.1.14 to 8.0.10. This solved the issue. Now Azure VPN and BGP is working as expected.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!