I established an IPsec tunnel (policy based) between a Palo Alto and a Cisco FW.
Phase 1 & phase 2 are up and running, but trying to transfer data fails.
Packet capture (merged receive and transmit) shows:
Source: SYN
Dest: SYN ACK
And then Dest: retransmit SYN ACK.
If this capture is within the transmit pcap, does this mean the retransmitted packet has been forwarded into the IPsec tunnel (egress interface)?
Previously, I was working with Checkpoint and was able to use the command line FW MONITOR to know if my packet was forwarded/encrypted to the tunnel (this means the problem is located on the FW itself or after the FW).
Is there a tool that permits knowing if this SYN ACK packet is forwarded into the tunnel interface or not?
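The three-packet pattern in the capture above (SYN, SYN-ACK, SYN-ACK again, never a final ACK) can be flagged automatically when reading a merged capture. The following is an added example, not code from the thread or from PAN-OS: a minimal Ethernet/IPv4/TCP parser plus a per-flow handshake classifier, run over constructed frames that reproduce the poster's pattern next to one healthy flow. Addresses and ports are made up.

```python
import struct
from collections import defaultdict
SYN, ACK = 0x02, 0x10

def build_frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero, which is fine for parsing."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def parse_frame(frame):
    """Return (src, dst, sport, dport, tcp_flags), or None for anything that is not IPv4/TCP."""
    if frame[12:14] != b"\x08\x00" or frame[14 + 9] != 6:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IHL field gives header length in 32-bit words
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
    return src, dst, sport, dport, off_flags & 0x1FF

def handshake_states(frames):
    """Per flow (client, cport, server, sport): 'no_reply' (SYN never answered), 'synack_unanswered'
    (server replied, client's final ACK never seen: look at the return path) or 'complete'."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        if flags & SYN and not flags & ACK:          # client -> server
            flows[(src, sport, dst, dport)]["syn"] += 1
        elif flags & SYN and flags & ACK:            # server -> client, keyed by the client side
            flows[(dst, dport, src, sport)]["synack"] += 1
        elif flags & ACK and (src, sport, dst, dport) in flows:
            flows[(src, sport, dst, dport)]["ack"] += 1
    return {k: "no_reply" if c["synack"] == 0 else "complete" if c["ack"] else "synack_unanswered"
            for k, c in flows.items()}

# Constructed sample: the pattern from the post (SYN, SYN-ACK, SYN-ACK again) and one healthy flow.
SAMPLE = [
    build_frame("10.1.1.10", "10.2.2.20", 40000, 443, SYN),
    build_frame("10.2.2.20", "10.1.1.10", 443, 40000, SYN | ACK),
    build_frame("10.2.2.20", "10.1.1.10", 443, 40000, SYN | ACK),
    build_frame("10.1.1.11", "10.2.2.20", 40001, 443, SYN),
    build_frame("10.2.2.20", "10.1.1.11", 443, 40001, SYN | ACK),
    build_frame("10.1.1.11", "10.2.2.20", 40001, 443, ACK),
]
```

A flow reported as `synack_unanswered` in the transmit-stage capture says the SYN-ACK left the firewall but the client's ACK never came back, which narrows the search to the return route and the far side rather than the security policy.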
Check the traffic logs to see why the traffic is getting blocked. Before this, make sure you enable logging on your security policies. This should tell you where and why the traffic is getting blocked.
Security policy basics:
Could also be routing; make sure you put the destination subnet into your virtual router and point the destination at the tunnel.
Hope this helps.
Thanks for your reply.
Anyway, I don't have traffic blocked in the logs (allowed but aged out), and the TCP handshake starts with SYN and ACK; this means it is not blocked.
I was suspecting a routing issue; that's why (even though the route is set as a static route) I would like to know how to be sure this ACK reply has been properly "pushed" to my tunnel interface.
Also here are some additional articles that have additional information.