We want to make Palo Alto side as intiator for VPN with Azure .
Currently we have IKE settings as aes256,3des , sha1 sha256 and group 2 .
with lifetime less that azure standard 28800
still we are seeing PA acting as responder.
Basically issue is with PA is responder we are facing packet loss with azure resources.
below is article we reffered.
I guess why would you want to? The responder has better diagnostic logging if there is an issue with the tunnel.
As per me we can only make PA as passive where it becomes responder.
Will see if option to make PA as initator is manually possible ?
we are seeing strange behaviour when palo alto act as responder we are seeing packet with resources on azure.
so looking for option if we can make PA side as initiator.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!