I would like to know if there is a way we can set up two PAs to talk over VPN, for example:
1 - PA-3020 at HQ.
2 - PA-200 in our branch office.
I would like my PA-200 to connect with the PA-3020 over IPsec VPN, and at our branch office we have a DSL connection. If someone has done this kind of setup, I would like your input please.
Well I can confirm that it works fine - The only thing to think about from me is to make sure that the PA200 talks to the internet without the DSL router filtering out traffic - I always try to get a proper external static IP when deploying in that sort of situation but it may not be possible in all cases & so you need to watch out for NAT & router - firewall problems.
Do you have a security rule at the end that drops traffic from any zone to any zone, any application, any source to any destination?
This ANY/ANY/DROP rule will break VPNs and routing protocols.
Your Tunnel termination is effectively originating on the UNTRUST zone and terminating on the UNTRUST zone.
Create an additional Security policy that allows APP = IPSEC and IKE from UNTRUST to UNTRUST and place this rule before the deny all rule and the problem should be resolved.
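The rule-ordering point in the reply above, as an added example that is not part of the original thread: a small first-match model of an ordered rulebase that reports when same-zone IKE/IPsec traffic lands on a deny rule. The rule names, zone names and the application labels `ike` and `ipsec` are constructed for this sketch and are not taken from a real firewall configuration.

```python
# Added illustration: top-down, first-match evaluation of a security rulebase.
# All rule names, zones and application labels below are constructed samples.
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    apps: frozenset   # application labels, or {"any"}
    action: str       # "allow" or "deny"

    def matches(self, src, dst, app):
        return (self.src_zone in (ANY, src)
                and self.dst_zone in (ANY, dst)
                and (ANY in self.apps or app in self.apps))

def first_match(rules, src, dst, app):
    """Return the first rule that matches, evaluating the list top-down."""
    for rule in rules:
        if rule.matches(src, dst, app):
            return rule
    return None

def shadowed_tunnel_apps(rules, zone="untrust", apps=("ike", "ipsec")):
    """Tunnel apps whose zone-to-same-zone traffic hits a deny rule first."""
    blocked = []
    for app in apps:
        hit = first_match(rules, zone, zone, app)
        if hit is not None and hit.action == "deny":
            blocked.append((app, hit.name))
    return blocked

OUTBOUND = Rule("trust-to-internet", "trust", "untrust", frozenset({ANY}), "allow")
DENY_ALL = Rule("deny-all", ANY, ANY, frozenset({ANY}), "deny")
ALLOW_VPN = Rule("allow-vpn", "untrust", "untrust",
                 frozenset({"ike", "ipsec"}), "allow")

BROKEN = [OUTBOUND, DENY_ALL]                  # tunnel traffic falls to deny-all
FIXED = [OUTBOUND, ALLOW_VPN, DENY_ALL]        # allow rule placed before deny-all
MISORDERED = [OUTBOUND, DENY_ALL, ALLOW_VPN]   # allow rule exists but is shadowed

if __name__ == "__main__":
    for label, rb in (("broken", BROKEN), ("fixed", FIXED), ("misordered", MISORDERED)):
        print(label, shadowed_tunnel_apps(rb))
```

The misordered case shows why the position of the allow rule matters as much as its existence: a rule placed after the any/any drop is never reached.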