IPSEC VPN through PAN comes up but does not pass traffic


L0 Member

What needs to be enabled to allow a VPN that once worked to be allowed through a 3020? I had a Juniper-to-Juniper IPSEC VPN that worked before the 3020 was placed between the 2 Junipers. What needs to be allowed to make sure that the traffic passes? The VPN comes up, but no data is able to pass.


L5 Sessionator

Please check if

1) You have the correct proxy IDs configured on both the firewalls (the local and the remote networks must be mirror images on both the firewalls).

2) You have the routes configured on the tunnel interface for the remote network (if the Juniper firewalls supported policy-based VPNs, we do not have tunnel interfaces and hence no routes for the remote network on the Juniper firewall).

3) You have the policies configured correctly for the zones (the tunnel interface should be assigned to a zone and a virtual router, and we must have the appropriate policies in place to allow end-to-end traffic).

BR,

Karthik
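Added example, not part of the original replies and not vendor code: a small Python check for point 1, comparing the proxy-ID network pairs copied from each peer's configuration and reporting any entry that lacks an exact mirror image on the other side. The `ProxyId` structure, the entry names and the sample networks are constructed for illustration; protocol and port fields are left out, so only the local/remote networks are compared.

```python
import ipaddress
from typing import NamedTuple, Optional

class ProxyId(NamedTuple):
    """One proxy-ID entry as configured on one peer (hypothetical structure)."""
    name: str
    local: str    # local network in CIDR form
    remote: str   # remote network in CIDR form

def _net(cidr):
    # strict=False normalises host bits, so 192.168.10.1/24 == 192.168.10.0/24
    return ipaddress.ip_network(cidr, strict=False)

def _unmatched(mine, theirs, peer):
    # Swap the other peer's (local, remote) so a correct mirror is an equal key.
    swapped = {(_net(p.remote), _net(p.local)): p.name for p in theirs}
    findings = []
    for p in mine:
        key = (_net(p.local), _net(p.remote))
        if key in swapped:
            continue
        # Overlapping but unequal networks are the usual cause of a tunnel
        # that negotiates on one selector and then drops the data traffic.
        near: Optional[str] = next(
            (n for (loc, rem), n in swapped.items()
             if loc.overlaps(key[0]) and rem.overlaps(key[1])), None)
        findings.append((peer, p.name, near))
    return findings

def check_mirror(side_a, side_b):
    """Return (peer, entry, overlapping_entry_or_None) for every proxy-ID
    without an exact mirror image on the other peer; empty list means OK."""
    return _unmatched(side_a, side_b, "A") + _unmatched(side_b, side_a, "B")

# Constructed sample configuration: the LAN entries disagree on the mask.
PEER_A = [ProxyId("lan-to-branch", "10.1.0.0/16", "192.168.10.0/24"),
          ProxyId("dmz-to-branch", "172.16.5.0/24", "192.168.10.0/24")]
PEER_B = [ProxyId("branch-to-lan", "192.168.10.0/24", "10.1.1.0/24"),
          ProxyId("branch-to-dmz", "192.168.10.1/24", "172.16.5.0/24")]

if __name__ == "__main__":
    for peer, entry, near in check_mirror(PEER_A, PEER_B):
        hint = f"overlaps '{near}' but is not its mirror" if near else "no counterpart"
        print(f"peer {peer}: proxy-ID '{entry}': {hint}")
```
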

L5 Sessionator

In addition to what Karthik said, the doc below explains "Why is a Proxy-ID Required for VPNs between PAN and Firewalls that Support Policy Based VPNs?"

https://live.paloaltonetworks.com/docs/DOC-3073

Hope this helps you resolve the issue.

Thanks

Numan
