I have set up an IPSec VPN tunnel which seems to be up, however, I cannot ping from my local LAN IP on tunnel interface to the other side LAN interface of the tunnel. NOTE - Other end of the tunnel is terminated on ISP network where we are using their MPLS network to connect our global sites.
My side Palo Alto firewall has tunnel.11 interface with 10.10.8.17/30 IP address and the other end at ISP has been configured with 10.10.8.18/30.
rutvijb@pa-fw(active)> ping source 10.10.8.17 count 5 host 10.10.8.18
PING 10.10.8.18 (10.10.8.18) from 10.10.8.17 : 56(84) bytes of data.
--- 10.10.8.18 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4010ms
So I hate to blame it on the other side, but this configuration is relatively straightforward. Configure the IP address on the tunnel interface, configure the routing, verify that the security rulebase is properly permitting the traffic, and lastly verify that the tunnel interface accepts ping from the IP address that you are testing from.
I would just verify with the folks running the other device that they've actually verified the security rulebase on their end is allowing the traffic, that the interface-management-profile actually allows ping, and that they haven't configured permitted IPs on that interface-management-profile.
As long as that all looks good on both sides, this really should "just work" from a configuration standpoint.
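The checks from the reply above, written out as PAN-OS operational-mode commands for the local firewall. This is an added example, not part of the original posts: the virtual router name `default`, the zone names and the tunnel ID are placeholders, and lines starting with `#` are annotations rather than input.

```text
# 1. Confirm both phases are actually established, not just configured.
> show vpn ike-sa
> show vpn ipsec-sa

# 2. Find the tunnel ID bound to tunnel.11, then read its packet counters.
#    Encap packets rising while decap packets stay at 0 means traffic is
#    leaving this firewall and nothing is coming back from the peer.
> show vpn flow
> show vpn flow tunnel-id <TUNNEL_ID>

# 3. Confirm the tunnel interface carries 10.10.8.17/30 and is up.
> show interface tunnel.11

# 4. Confirm the route lookup for the peer address resolves to tunnel.11.
> test routing fib-lookup virtual-router default ip 10.10.8.18

# 5. Confirm the security rulebase permits ICMP (protocol 1) between the zones.
#    <SRC_ZONE> and <TUNNEL_ZONE> are placeholders for the zones in use.
> test security-policy-match from <SRC_ZONE> to <TUNNEL_ZONE> source 10.10.8.17 destination 10.10.8.18 protocol 1

# 6. Re-run the ping, then look for the matching session and its state.
> ping source 10.10.8.17 count 5 host 10.10.8.18
> show session all filter source 10.10.8.17 destination 10.10.8.18
```

If every local check passes and the decap counter still does not move, the remaining items (remote rulebase, interface-management-profile ping setting and its permitted IPs) can only be verified by whoever runs the ISP device.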