TLS handshake error when using my IPsec tunnel

L1 Bithead

I have an IPsec tunnel set up between two PAs. Everything is showing green and I can ping between the two networks. My problem is that whenever I try to access a Docker container over TLS through the tunnel I receive a TLS handshake error, "connection reset by peer". I have tried a variety of fixes, including changing the Docker network settings and lowering the MTUs on the interfaces and Docker containers, and nothing has fixed it. When I try to access these same containers from within the network, everything works as expected. It also works fine over a WireGuard tunnel that I was using previously.

3 REPLIES

Cyber Elite

@KevinHaynes,

Have you looked at both PAs and ensured that the traffic is being allowed on both ends? Do you have any restrictions on the container side of things that would prevent the IPs coming across your tunnel from accessing the site?

I have security policies allowing the traffic. Do I need to add Policy Based Forwarding as well? I had thought all along that this was a Docker issue, but I just tried accessing a resource through the tunnel that was not on Docker and got the same connection reset. I am new to PA, so I'm not sure exactly what policies need to be in place to allow the traffic through the tunnel.

Accepted solution:

Tunnel was misconfigured. Followed this video exactly and it worked: https://www.youtube.com/watch?v=GPANrMczTz4. Had to add some additional security policies to this.
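The thread never pins down where the reset came from, and the two usual causes look different from the client side: a path that drops large packets (the MTU problem the poster tried to rule out by lowering MTUs) stalls the handshake until the client times out, whereas a policy that denies with a TCP reset, or anything else actively tearing the connection down, produces exactly the "connection reset by peer" seen here. The probe below, added as an example and not taken from the thread or from Palo Alto Networks, attempts a TLS handshake and reports a one-word diagnosis so the two cases can be told apart before touching firewall or container settings. `start_fake_server` is a constructed local listener that imitates both failure modes so the probe can be exercised offline; the host, port and timeout values are assumptions.

```python
"""TLS handshake probe: report *why* a handshake to host:port failed.

Example code added to this thread. It assumes nothing about the remote
side beyond a host and port; the fake server below is constructed for
offline testing only.
"""
import socket
import ssl
import struct
import threading
import time


def probe_tls(host, port, timeout=3.0):
    """Attempt a TLS handshake and return a one-word diagnosis.

    "ok"        handshake completed: path and policy are fine
    "refused"   the SYN was answered with a reset: nothing listening there,
                or a device in the path resetting the connection at setup
    "reset"     a reset arrived after the ClientHello went out: something
                actively closed the connection mid-handshake
    "timeout"   no answer within `timeout`: a silent drop, or a path that
                loses large packets (the MTU / fragmentation case)
    "eof"       the peer closed the TCP connection cleanly mid-handshake
    "tls_error" TCP was fine but the handshake failed at the TLS layer
    "error"     any other socket-level error
    """
    ctx = ssl.create_default_context()
    # Only the handshake matters here, not trust in the certificate.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # wrap_socket performs the handshake before returning.
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ConnectionRefusedError:
        return "refused"
    except ConnectionResetError:
        return "reset"
    except socket.timeout:
        return "timeout"
    except ssl.SSLEOFError:
        return "eof"
    except ssl.SSLError:
        return "tls_error"
    except OSError:
        return "error"


def start_fake_server(mode):
    """Constructed local listener imitating a failing path (for testing).

    mode="reset":     wait for the ClientHello, then close with SO_LINGER=0
                      so the kernel emits a TCP RST instead of a FIN.
    mode="blackhole": accept the connection and stay silent past the
                      client's timeout, like a path dropping the reply.
    Returns the ephemeral port it listens on at 127.0.0.1.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        if mode == "reset":
            conn.recv(1)  # the ClientHello has arrived
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
            conn.close()  # linger 0 -> RST on the wire
        else:
            time.sleep(10)  # say nothing; the client will time out
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    import sys
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    print(probe_tls(target_host, target_port))
```

Run it from a host on the far side of the tunnel as `python3 tls_probe.py <container-ip> 443` (placeholder address); a "reset" points at something in the path closing the session, while "timeout" is the answer that would justify chasing MTU and fragmentation.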
