How to setup IPSEC VPN tunnel between PA-3020 with PA-200

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to setup IPSEC VPN tunnel between PA-3020 with PA-200

Not applicable

I would like to know if there is a way we can setup two PA to talk over VPN for eg:

1- PA-3020 at HQ .

2 - PA-200 in our branch office.

I would like my PA-200 to connect with PA-3020 over IPsec VPN and at our branch office we have DSL connection. If someone has done this kind of setup please I would like you input.

1 accepted solution

Accepted Solutions

L5 Sessionator
4 REPLIES 4

L5 Sessionator

L2 Linker

Well I can confirm that it works fine - The only thing to think about from me is to make sure that the PA200 talks to the internet without the DSL router filtering out traffic - I always try to get a proper external static IP when deploying in that sort of situation but it may not be possible in all cases & so you need to watch out for NAT & router - firewall problems.

L4 Transporter

Do you have a security rule at the and that drops traffic from any  zone to any zone, any application, any source to any destination?

This ANY/ANY/DROP rule will break VPNs and routing protocols.

Your Tunnel termination is effectively originating on the UNTRUST zone and terminating on the UNTRUST zone. 

Create an additional Security policy that allows APP = IPSEC and IKE from UNTRUST to UNTRUST and place this rule before the DENAY all rule and the problem should be resolved.

SKrall

links dont work....

  • 1 accepted solution
  • 3126 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!