I configured an IPsec VPN from Palo Alto to Check Point.
Ping from the local/external IP (182.x.x.x) to the peer IP (102.x.x.x) is successful.
Pinging from the local network to the peer IP:
Ping from the local PC (10.10.10.x) to the peer IP (102.x.x.x) is unsuccessful. Tracert confirms drops on the internet. IKE is not established (verified by show vpn ike-sa gateway). I am following the VPN troubleshooting doc.
Ping 10.100.100.x (remote IP) from the firewall CLI:
Pinging the remote PC (10.100.100.x) and pinging the peer IP from the firewall CLI are successful, but the problem is that it doesn't take the external IP (182.x.x.x) route. It takes another route (the customer says the VPN is connected to another firewall too),
so the firewall takes that route and successfully pings the remote IP.
Then I ran these commands:
ping source 182.x.x.x host 102.x.x.x -> successful
ping source 182.x.x.x host 10.100.100.x -> unsuccessful
In the system logs, it shows an IKE phase 1 aborted message, and sometimes logs showing that both phase 1 and phase 2 succeeded, but the IPsec tunnel is not showing up.
Can I tell the customer to disconnect the same VPN connection, which is using another route to reach the remote IP successfully (directly connected, I think)?
The IPsec tunnel is basically for user traffic coming from the local private subnet (10.10.10.x) to the remote private subnet (10.100.100.x). So, are you able to ping from source 10.10.10.x to destination 10.100.100.x? Also, if you want to initiate from your external interface IP, then it should be mentioned in the proxy IDs (appropriate local and remote IPs).
Can you check the phase 1 and phase 2 status and see whether the tunnel is up and not passing traffic, or not coming up at all?
This document shows how to confirm the status.
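The proxy-ID point raised in the replies above, as an added example that is not part of the original thread: a simplified Python model of how proxy IDs (local/remote traffic selectors) decide whether a source/destination pair is covered by the tunnel. The /24 masks, the 198.51.100.10 stand-in for the masked external IP 182.x.x.x, the host addresses and all names are assumptions.

```python
import ipaddress
from typing import List, NamedTuple


class ProxyID(NamedTuple):
    name: str
    local: ipaddress.IPv4Network   # local selector the peer must mirror as its remote
    remote: ipaddress.IPv4Network  # remote selector the peer must mirror as its local


def proxy_id(name: str, local: str, remote: str) -> ProxyID:
    return ProxyID(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


def covering(proxy_ids: List[ProxyID], src: str, dst: str) -> List[str]:
    """Return the names of the proxy IDs whose selectors contain src and dst.

    An empty list means no phase 2 SA is negotiated for that flow, so the
    packet is not carried by this tunnel.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [p.name for p in proxy_ids if s in p.local and d in p.remote]


# Constructed sample values (assumptions, not taken from the thread).
EXTERNAL_IP = "198.51.100.10"      # stands in for the masked 182.x.x.x
LOCAL_HOST = "10.10.10.5"          # a PC in the local private subnet
REMOTE_HOST = "10.100.100.20"      # a PC in the remote private subnet

# Tunnel configured only for private subnet to private subnet.
PROXY_IDS = [proxy_id("lan-to-remote", "10.10.10.0/24", "10.100.100.0/24")]

# Same tunnel after adding a selector for the firewall's external interface IP.
# The peer needs the mirrored entry or phase 2 will not come up for it.
PROXY_IDS_WITH_EXT = PROXY_IDS + [
    proxy_id("fw-ext-to-remote", EXTERNAL_IP + "/32", "10.100.100.0/24")
]

if __name__ == "__main__":
    for label, ids in (("original", PROXY_IDS), ("with external IP", PROXY_IDS_WITH_EXT)):
        for src in (LOCAL_HOST, EXTERNAL_IP):
            hits = covering(ids, src, REMOTE_HOST)
            print(f"{label}: {src} -> {REMOTE_HOST}: {hits or 'no matching proxy ID'}")
```
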