site to site VPN on TP-link --- PALO ALTO ---- AWS


L1 Bithead

[Attached diagram: IPSEC S2S store to HO to AWSrev1.jpg]


As of now, the STORE router/POS1 is able to reach the head office (PALO ALTO) via site-to-site VPN, and HeadOffice (PAN) to AWS is also working via site-to-site VPN. But our main goal is for POS1/Store to be able to reach the AWS network. At the moment, POS1 is not able to reach the AWS networks. I already tried to add a route on the PAN from the Store network going to the AWS tunnel, but it is still not working.
Any idea how I can make it work? Does anyone from the community have this kind of setup?



Cyber Elite

Hi @SamuelCardoz,

In order to achieve your goal, you need to do all the required configuration at both the Palo Alto and the AWS end to allow communication between STORE router/POS1 and AWS. Only adding a route at the Palo Alto end won't help. You can check the traffic logs on the Palo Alto side to see what's going on and decide on further actions.

I recommend you verify the below configurations:

  • Security Policy
  • NAT, if any
  • Encryption domains at both sides
  • Routes at both sides
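The checklist in the reply above, worked through as an added example (not part of the original posts): a small Python audit that walks the store → PAN → AWS path and reports which encryption domains, routes and security policy entries are missing. All subnets, tunnel and zone names are constructed assumptions, since the thread gives none, and NAT is not modelled.

```python
from ipaddress import ip_network as net

# Constructed addressing (assumption): store LAN, head office LAN, AWS VPC.
STORE, HO, AWS = net("192.168.10.0/24"), net("10.0.0.0/24"), net("10.50.0.0/16")

def covers(selectors, src, dst):
    """True if some (local, remote) selector pair contains src -> dst."""
    return any(src.subnet_of(l) and dst.subnet_of(r) for l, r in selectors)

def routed(routes, dst, via):
    """True if the longest-prefix route containing dst uses next hop `via`."""
    hits = [(p, nh) for p, nh in routes if dst.subnet_of(p)]
    return bool(hits) and max(hits, key=lambda h: h[0].prefixlen)[1] == via

def audit(cfg):
    """Return the checks that fail for STORE <-> AWS transit through the PAN."""
    checks = {
        "store router encryption domain store->aws": covers(cfg["store_sel"], STORE, AWS),
        "PAN store-tunnel encryption domain aws->store": covers(cfg["pan_store_sel"], AWS, STORE),
        "PAN aws-tunnel encryption domain store->aws": covers(cfg["pan_aws_sel"], STORE, AWS),
        "PAN route to aws": routed(cfg["pan_routes"], AWS, "tunnel.aws"),
        "PAN route to store": routed(cfg["pan_routes"], STORE, "tunnel.store"),
        "AWS route back to store": routed(cfg["aws_routes"], STORE, "vpn"),
        "PAN security policy store->aws": ("store", "aws") in cfg["pan_policy"],
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed config matching the symptoms: each tunnel works on its own
# and a PAN route toward the AWS tunnel exists, nothing else was changed.
BEFORE = {
    "store_sel": [(STORE, HO)],
    "pan_store_sel": [(HO, STORE)],
    "pan_aws_sel": [(HO, AWS)],
    "pan_routes": [(STORE, "tunnel.store"), (AWS, "tunnel.aws")],
    "aws_routes": [(HO, "vpn")],
    "pan_policy": {("store", "ho"), ("ho", "aws")},
}
# Same config with the store <-> AWS pair added at every hop.
AFTER = {
    "store_sel": BEFORE["store_sel"] + [(STORE, AWS)],
    "pan_store_sel": BEFORE["pan_store_sel"] + [(AWS, STORE)],
    "pan_aws_sel": BEFORE["pan_aws_sel"] + [(STORE, AWS)],
    "pan_routes": BEFORE["pan_routes"],
    "aws_routes": BEFORE["aws_routes"] + [(STORE, "vpn")],
    "pan_policy": BEFORE["pan_policy"] | {("store", "aws")},
}

if __name__ == "__main__":
    for gap in audit(BEFORE):
        print("MISSING:", gap)
```

With the constructed "before" config, both PAN routes pass while every other check fails, which is why a route on the firewall alone does not change the outcome.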


