I have configured a fixed IPsec VPN tunnel on my PA 500. The tunnel comes up OK, and I can ping and traceroute an IP address on the network I am connected to, through the VPN tunnel. But packet loss lies between 20 and 40% when running ping tests.
We experience the same thing on both sides of the tunnel.
What can be wrong here? To me it seems like the VPN config is OK, but that it may be a routing or policy issue, but since 60-80% of the packets are actually coming through, I don't think it is routing or policy either.
Can it be an issue with ARP tables? If so, will a reboot of the firewall help, or should I reboot our ADSL modem\internet connection?
I am not familiar with the use of "tunnel monitor" - but could it be a solution there?
The following document explains tunnel monitoring and DPD feature on the Palo Alto:
As far as improving IPsec performance, you can try adjusting the TCP MSS value on the interface associated with that IPsec tunnel. Please refer to the following document for the same:
Hope that helps!