12-16-2021 12:09 AM - edited 12-16-2021 12:34 AM
Hello
I established an IPsec tunnel (policy based) between Palo Alto and Cisco FW.
Phase 1 & phase 2 are up and running, but trying to transfer data fails.
Packet capture (merged received and transmit) shows:
Source : SYN
Dest : SYN ACK
And then Dest : retransmit SYN ACK.
If this capture is within the transmit pcap, does this mean the retransmitted packet has been forwarded into the IPsec tunnel (egress interface)?
Previously, I was working with Check Point and was able to use the command line tool FW MONITOR to know if my packet was forwarded/encrypted to the tunnel (this means the problem is located on the FW itself or after the FW).
Is there a tool that permits knowing if this SYN ACK packet is forwarded into the tunnel interface or not?
Regards
12-16-2021 02:29 PM
Hello,
Check the traffic logs to see why the traffic is getting blocked. Before this make sure you enable logging on your security policies. This should tell you where and why the traffic is getting blocked.
Security policy basics:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClWZCA0
It could also be routing: make sure you put the destination subnet into your virtual router and point the destination at the tunnel.
Hope this helps.
12-16-2021 11:36 PM
Thanks for your reply,
Anyway, I don't have traffic blocked in the logs (allowed but aged out), and the TCP handshake starts with SYN and ACK; this means it is not blocked.
I was suspecting a routing issue; that's why (even though the route is set as a static route) I would like to know how to be sure this ACK reply has been properly "pushed" to my tunnel interface.
Regards
12-17-2021 08:55 AM
Hello,
To check routing, click the Networking tab at the top -> Virtual routers -> More Runtime Stats.
Then look for a subnet that is on the Cisco side of the tunnel, then make sure it points to the tunnel.
Regards,
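As an added example (not code from this thread or from Palo Alto Networks) of the two checks suggested above, this Python script applies them to a constructed route table and a constructed merged receive/transmit capture: it resolves the SYN-ACK's destination against the route list to confirm it points at the tunnel interface, then checks whether the SYN-ACK actually appeared in the transmit stage on that interface. Interface names, subnets and the capture records are assumptions.

```python
import ipaddress
from typing import Optional
# Constructed route table shaped like a virtual router's runtime route list:
# (prefix, egress interface). Names/subnets are assumptions; 10.20.0.0/16 (the
# Cisco side) has no entry, so it falls through to the default route.
ROUTES = [
    ("0.0.0.0/0", "ethernet1/1"),     # untrust / default route
    ("10.10.0.0/16", "ethernet1/2"),  # local LAN behind the Palo Alto
]
TUNNEL_ROUTE = ("10.20.0.0/16", "tunnel.1")  # the static route that is missing
# Constructed merged capture, modelled on the receive/transmit capture stages:
# (stage, interface, src, dst, tcp flags). Not taken from the thread.
CAPTURE = [
    ("receive",  "tunnel.1",    "10.20.1.7", "10.10.1.5", "S"),   # SYN from Cisco side
    ("transmit", "ethernet1/2", "10.20.1.7", "10.10.1.5", "S"),
    ("receive",  "ethernet1/2", "10.10.1.5", "10.20.1.7", "SA"),  # server's SYN-ACK
    ("transmit", "ethernet1/1", "10.10.1.5", "10.20.1.7", "SA"),  # left via default route
    ("receive",  "ethernet1/2", "10.10.1.5", "10.20.1.7", "SA"),  # server retransmits
]

def egress_interface(dst: str, routes) -> Optional[str]:
    """Longest-prefix match, as the virtual router would resolve dst."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def reply_egress(capture, flags: str = "SA") -> Optional[str]:
    """Interface on which the first packet with these flags was transmitted."""
    for stage, iface, _src, _dst, f in capture:
        if stage == "transmit" and f == flags:
            return iface
    return None

def diagnose(capture, routes, tunnel_iface: str) -> str:
    """Was the SYN-ACK pushed into the tunnel? If not, say which check failed."""
    syn_ack = next((r for r in capture if r[4] == "SA"), None)
    if syn_ack is None:
        return "no SYN-ACK seen: the responder never answered"
    expected = egress_interface(syn_ack[3], routes)
    if expected != tunnel_iface:
        return f"route for {syn_ack[3]} resolves to {expected}, not {tunnel_iface}"
    actual = reply_egress(capture)
    if actual is None:
        return "SYN-ACK received but never transmitted: check the drop stage and policy"
    if actual != tunnel_iface:
        return f"SYN-ACK transmitted on {actual}, not {tunnel_iface}"
    return "SYN-ACK was forwarded into the tunnel; look beyond the firewall"
```

Running `diagnose(CAPTURE, ROUTES, "tunnel.1")` reports the missing route; adding `TUNNEL_ROUTE` to the table makes the capture itself the evidence that the reply left on the wrong interface.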
12-17-2021 11:10 AM
Hello,
Also, here are some additional articles that have more information.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clh5CAC
Regards,
12-18-2021 12:07 PM
I had the same issue with failing data transfer; however, I found this discussion and, thanks to your helpful article links, I managed my issue. Waiting for more useful discussion about IPsec tunnels.
12-20-2021 12:53 PM
Hello,
Glad you found it useful. Always feel free to post any questions.
Cheers!