Does anyone have a guide on how to set up a site-to-site VPN between a PA200 and a Juniper 5GT? I tried my luck but am now unable to establish a connection. On the Juniper, the status of the tunnel I created is Ready.
A little help, please.
IPsec on PAN-OS firewalls is route-based.
For ease of configuration and correlation, configure route-based VPN on the Juniper 5GT (ScreenOS) firewall.
Proxy-IDs can be left blank (not configured) at both ends, as both ScreenOS and the PA firewall in route-based mode use defaults (local: 0.0.0.0/0, remote: 0.0.0.0/0, service: any).
Use a security level of Standard for both proposals on the 5GT.
Config Guides:
Additional Ref:
Thank you for the help. I managed to bring the link between the two sites up halfway. On my PA200 side, the IPsec tunnel is up for both Phase 1 and Phase 2. But on my Juniper 5GT side, the link status of the tunnel is Down but it's Active.
I cannot ping any internal IP addresses from either firewall. But I am able to reach the public IP address of each firewall with ping.
I have a few attachments and hope they can guide you to give some advice on what I missed. I am not so sure if this has something to do with the PA200 policy.
On the PA-200's end, make sure:
1. You have configured a static route with tunnel.2 as the interface and next-hop = None.
2. Security rules (bidirectional if needed) exist between the tunnel zone and the Inside zone.
Decap bytes are incrementing while encap=0, which suggests that the PA firewall is receiving traffic for the tunnel from the Juniper's end but not sending any traffic for the tunnel.
Juniper link Down: could be related to tunnel monitoring.
Try to allow ping on the tunnel interface (PA-200) using an Interface Management profile.
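
The counter reasoning in the reply above (decap rising while encap stays at 0), as an added example that is not part of the original thread: a Python helper that compares two snapshots of a tunnel's encap/decap byte counters and names the direction that is not passing traffic. The snapshot text and its `name: value` layout are constructed assumptions, not captured firewall output, and `parse_counters` and `diagnose` are hypothetical names.

```python
import re

# Constructed snapshots of one tunnel's counters, taken a few seconds apart.
# The "name: value" layout is an assumption; adapt COUNTER_RE to your output.
SNAP_1 = """\
encap packets: 0
decap packets: 14
encap bytes: 0
decap bytes: 1568
"""
SNAP_2 = """\
encap packets: 0
decap packets: 22
encap bytes: 0
decap bytes: 2464
"""

COUNTER_RE = re.compile(
    r"^\s*(encap|decap)\s+(packets|bytes)\s*:\s*(\d+)\s*$", re.I | re.M
)


def parse_counters(text):
    """Return e.g. {'encap_bytes': 0, 'decap_bytes': 1568, ...}."""
    counters = {}
    for direction, unit, value in COUNTER_RE.findall(text):
        counters[f"{direction.lower()}_{unit.lower()}"] = int(value)
    missing = {"encap_bytes", "decap_bytes"} - counters.keys()
    if missing:
        raise ValueError(f"missing counters: {sorted(missing)}")
    return counters


def diagnose(before, after):
    """Classify tunnel traffic from the change between two snapshots."""
    b, a = parse_counters(before), parse_counters(after)
    encap = a["encap_bytes"] - b["encap_bytes"]
    decap = a["decap_bytes"] - b["decap_bytes"]
    if encap < 0 or decap < 0:
        return "counters-reset"      # tunnel rekeyed or cleared in between
    if decap > 0 and encap == 0:
        # The case in the thread: peer traffic arrives, nothing goes out.
        # Check the static route via the tunnel interface and security rules.
        return "local-not-sending"
    if encap > 0 and decap == 0:
        return "peer-not-sending"    # look at the remote route and policy
    if encap == 0 and decap == 0:
        return "no-traffic"          # nothing entered the tunnel either way
    return "bidirectional"
```
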