on 04-12-2023 03:59 PM
This Nominated Discussion Article is based on the post "Given Tunnel Interface IP is wrong but still tunnel is up" by @Sujanya and responded to by @TomYoung . Read on to see the discussion and solution!
I am seeing the IP address given to the tunnel interface is wrong (for the tunnel with AWS), but tunnel still came up and working without any issue.
Can anybody suggest on this. Would the IP address which we will give to the tunnel interface not matter ?
The IP address on an IPsec tunnel is optional. A standard site-to-site VPN does not require a tunnel IP address. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/vpns/set-up-site-to-site-vpn/set-up-an-ip... (Step 3)
Since the tunnel is point-to-point, all the NGFW has to do is route traffic down the tunnel and it will be received on the other side. No routing to IP addresses is needed.