02-08-2012 11:35 AM
Is there any document that shows how to configure IPSec VPN (or any vpn rather than SSL) on the PAN? I am not looking for site to site. I only found site to site configuration. The solution will be for clients who can vpn in remotely from everywhere. I'd like to offer this as a second vpn solution after ssl vpn which sometimes give a few issues to remote users. Thanks very much
02-09-2012 12:18 AM
There are some docs in the devcenter if im not mistaken, otherwise this should be already described in the administrator manual which you find if you click on Technical Documentation at https://support.paloaltonetworks.com
02-09-2012 09:12 AM
Thanks. In fact I did looked at the admin guide yesterday from page 161-170. I got IPSec config done on PA2050 with some tweakings because the admin guide instruction is too general. I will try the IPSec vpn client, TheGreenBow, which works on the Netscreen to see how it goes. I am new to PAN and just realized that ssl vpn has so many issues with windows 7 and mac
02-09-2012 09:17 AM
Dont forget the proxy-id (which seems to be the no1 mistake when ipsec stuff wont work :smileysilly:)
02-09-2012 09:22 AM
Thanks for the tip. I don't think it will work on first try so I will have to go back and do more tweakings
02-09-2012 10:04 AM
Hi,
I dont think PAN devices support certificate based IPsec Vpns, as SSL-Vpns(global protect ) is providing this functionality. So, in this case after SSL-VPN as your first option, i am not sure what will be your backup Vpn option.
Tx,
Sandeeep.
02-09-2012 10:37 AM
This is the error I get now on the PAN. Going back to the config to look
IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 172.16.0.0/16 type IPv4_subnet protocol 0 port 0, received remote id: 10.1.10.73/32 type IPv4_address protocol 0 port 0.
02-09-2012 11:11 AM
Looks like I'll need to contact support for this. Hopefully I can get a solution from them
02-10-2012 09:32 AM
It finally worked as of yesterday after talking to support and quite a few tweakings on the PAN and on my GreenBow IPSec vpn client. I will test simutaneously vpn connections to see how it works
02-10-2012 09:33 AM
In this case, I don't need certificate. A simple IPSec is sufficient. It's working for me now. Thx
02-22-2012 04:30 PM
I can now have multiple IPSec clients connect at the same time.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
