We are trying to set up an IPSec VPN from our VM-300 Palo Alto Firewall running in AWS, using PAN-OS 9.0.11.
I’m having issues with the configuration of the IKE Gateway as the Interface IP address is set via AWS DHCP and does not reflect the public (elastic) IP.
PAN-OS will not allow me to set an address in the Local IP address field; the only option allowed is 'none'.
The address for the interface is set by DHCP (via AWS) and my guess is that this is why the PAN won’t let me set the local IP value for the gateway.
I tried using the local and peer identification fields
The system logs show:
@SebRupik gave you the best answer. You could also just spin up the AWS side like you would any other DHCP peer and use one of the other identification methods available to you outside of IP Address like FQDN, KEYID, or Email Address. You don't absolutely need to utilize the IP address for Identification, even though that's the most secure option if available.