This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Several subnetworks through the tunnel between Palo Alto and Mikrotik
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Re: Several subnetworks through the tunnel between Palo Alto and Mikrotik
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Several subnetworks through the tunnel between Palo Alto and Mikrotik
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-22-2020 01:03 AM
Site 2 site allows only two networks to be pulled inside the tunnel (one of them behind the mikrotik and the other one behind the palo alto).I’ve tried different settings and it doesn't help.
Has anyone had experience building a tunnel between them based on GRE tunnel over IPsec?
Several subnetworks need to be passed through the tunnel.
7 REPLIES 7
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-22-2020 02:17 AM
is GRE a requirement?
a regular IPSec tunnel will allow as many subnets as you need, adding GRE will create some limitations because of GRE
Tom Piens
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-22-2020 03:12 AM
I have configured s2s between mikrotik and palo alto.
Local networks go between them. I need to add other networks through this tunnel.
On the Palo Alto, I added another network on the tunnel to the proxy id.
In mikrotik, the accept rule from the LAN(Firewall - NAT) to the network behind the tunnel.
But there is no ping.
Only two networks can be specified in the IPSEC settings.
It does not work to create another policy, as the keys begin to break.
Also, there is no separate interface on Mikrotik (like with GRE).
When adding routes, I indicate the local interface.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-22-2020 03:07 PM
Hello,
Do either of the firewall logs show where the pings are failing? It could be a policy rule that is preventing the traffic?
Regards,
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-23-2020 02:13 AM
In monitoring (traffic) PA there are no records from the network 10.10.10.0/24 (from source and dest)
ssh PA utility: ping source 10.10.10.1 host 172.16.0.254 (no response)
Mikrotik terminal: ping source 172.16.0.254 10.10.10.1 (no response)
ip - firewall -connection (no response)
Related Content
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks