We have a Cisco ASA that has tunnels to our branch offices. An example is 192.168.9.0/24. The local network is 192.168.10.0/24. The LAN port of the ASA is 192.168.10.10. The LAN port of the Palo Alto is 192.168.10.1. When I change the gateway on one of the servers to use the Palo, it can ping a host on the 192.168.9.x network and the remote network can ping it. I have a static route in the Palo that points all traffic destined for 192.168.9.x to hit the ASA. When I try to RDP into the server from the remote network, it fails. I can go to the command prompt of the server and type "route add 192.168.9.0 mask 255.255.0 192.168.10.10" and everything works fine. So my question is, why does it not work pushing the routes via the Palo to the server?
****I can go from the server to the remote subnet fine.
Thank you for the detailed information. I did have that set up and it seems to work one way (if I take it out, it will not reach the branch), but it will not reverse, and we are thinking it has to do with the ASA. So for now, I think we are going to add the routes on the servers. But eventually we will move the tunnels over to the Palo and it will fix it for good. Again, thanks for your insight.