IPSec VPN (non site to site)


L2 Linker

Is there any document that shows how to configure IPSec VPN (or any VPN other than SSL) on the PAN?  I am not looking for site to site.  I only found site to site configuration.  The solution will be for clients who can VPN in remotely from everywhere.  I'd like to offer this as a second VPN solution after SSL VPN, which sometimes gives a few issues to remote users.  Thanks very much


L6 Presenter

There are some docs in the devcenter if I'm not mistaken; otherwise this should already be described in the administrator manual, which you can find if you click on Technical Documentation at https://support.paloaltonetworks.com

Thanks.  In fact I did look at the admin guide yesterday, from page 161-170.  I got the IPSec config done on the PA2050 with some tweaking because the admin guide instructions are too general.  I will try the IPSec VPN client, TheGreenBow, which works on the Netscreen, to see how it goes.  I am new to PAN and just realized that SSL VPN has so many issues with Windows 7 and Mac

Don't forget the proxy-id (which seems to be the no. 1 mistake when IPSec stuff won't work)

Thanks for the tip.  I don't think it will work on the first try, so I will have to go back and do more tweaking

Hi,

I don't think PAN devices support certificate-based IPsec VPNs, as SSL-VPN (GlobalProtect) is providing this functionality. So, in this case, after SSL-VPN as your first option, I am not sure what your backup VPN option will be.

Tx,

Sandeeep.

This is the error I get now on the PAN.  Going back to the config to look

IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 172.16.0.0/16 type IPv4_subnet protocol 0 port 0, received remote id: 10.1.10.73/32 type IPv4_address protocol 0 port 0.

Looks like I'll need to contact support for this.  Hopefully I can get a solution from them

It finally worked as of yesterday after talking to support and quite a bit of tweaking on the PAN and on my GreenBow IPSec VPN client.  I will test simultaneous VPN connections to see how it works

In this case, I don't need a certificate.  A simple IPSec is sufficient.  It's working for me now.  Thx

I can now have multiple IPSec clients connect at the same time.
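
Added example, not part of the original thread and not a Palo Alto Networks tool: a small Python check that parses the proxy-ID error quoted earlier in the thread and compares the received IDs against a list of configured proxy IDs. The configured entries are constructed, and the exact-match rule (a configured subnet that merely contains the received one does not count as a match) is an assumption of this sketch.

```python
import ipaddress
import re

# Error text exactly as quoted in the thread.
LOG = ("IKE phase-2 negotiation failed when processing proxy ID. cannot find "
       "matching phase-2 tunnel for received proxy ID. received local id: "
       "172.16.0.0/16 type IPv4_subnet protocol 0 port 0, received remote id: "
       "10.1.10.73/32 type IPv4_address protocol 0 port 0.")

ID_RE = re.compile(r"received (local|remote) id: (\S+) type (\S+) protocol (\d+) port (\d+)")

# Constructed firewall-side proxy-ID entries (hypothetical names and values).
CONFIGURED = [
    {"name": "clients-wide", "local": "172.16.0.0/16", "remote": "10.1.10.0/24", "protocol": 0},
    {"name": "clients-host", "local": "172.16.0.0/24", "remote": "10.1.10.73/32", "protocol": 0},
]

def parse_received(msg):
    """Extract the peer's proposed local/remote proxy IDs from the log line."""
    out = {}
    for side, addr, id_type, proto, port in ID_RE.findall(msg):
        out[side] = {"net": ipaddress.ip_network(addr, strict=False),
                     "type": id_type, "protocol": int(proto), "port": int(port)}
    if set(out) != {"local", "remote"}:
        raise ValueError("log line does not carry both proxy IDs")
    return out

def explain(received, configured):
    """Return (names that match exactly, {name: [reasons it does not]})."""
    matches, diffs = [], {}
    for entry in configured:
        reasons = []
        for side in ("local", "remote"):
            want = ipaddress.ip_network(entry[side], strict=False)
            got = received[side]["net"]
            if want != got:
                rel = "contains but is not equal to" if got.subnet_of(want) else "differs from"
                reasons.append(f"{side}: configured {want} {rel} received {got}")
        if entry["protocol"] != received["local"]["protocol"]:
            reasons.append("protocol differs")
        if reasons:
            diffs[entry["name"]] = reasons
        else:
            matches.append(entry["name"])
    return matches, diffs

if __name__ == "__main__":
    print(explain(parse_received(LOG), CONFIGURED))
```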
