PA to Cisco 5505 VPN tunnel

infotech · ‎06-04-2014

When trying to configure a site to site VPN tunnel from a PA 3020 to a Cisco 5505 firewal I am getting th following messages on the Cisco firewall

received encrypted packet with no matching sa dropping

all ipsec proposals found unacceptable

jcostello · ‎06-05-2014

can you grab and clean up (replace any public IPs with something else i.e replace the Cisco address with Cisco-Address) the following from the 3020

show network tunnel ipsec (only need the lines for the tunnel having issues)

show network ike crypto-profiles ike-crypto-profiles

show network ike gateway (only need the gateway associated with this connection)

From the ASA - connect to ssh or console

show run

find the related Cisco command from this article - Sample IPSec Tunnel Configuration - Palo Alto Networks Firewall to Cisco ASA for the VPN

infotech · ‎06-05-2014

This may take me awhile

I tried to do a

show network ike crypto-profiles ike-crypto-profiles

on the 3020 it gave me an invalid syntax

jcostello · ‎06-06-2014

try just show network ike crypto-profiles

infotech · ‎06-06-2014

I do not find an option for show network on the PA 3020 unless I am in the wrong place in the cli

jcostello · ‎06-06-2014

are you in configure mode?

infotech · ‎06-06-2014

No didn't know I had to be, I have never done cisco or PA before I took this job so I am still learning a lot

HULK · ‎06-06-2014

Hello Infotech,

If you are still having problem to setup IPSec tunnel between Cisco to PAN, I would recommened you to open a ticket with support. They might help you for the same.

Thanks

infotech · ‎06-09-2014

Yes I have contacted support for assistance with my issue thanks

Unlock your full community experience!

PA to Cisco 5505 VPN tunnel

PA to Cisco 5505 VPN tunnel

Show your appreciation!