I am thinking about the possibility of doing tunnel monitoring from Palo Alto to a Cisco route VPN which is configured in policy-based mode.
Does Palo Alto support the below configuration to do so?
1. Set up a /32 IP on the tunnel interface of the Palo Alto.
2. Configure tunnel monitoring to the peer IP of the peer Cisco.
Does this work?
Yes, the PANW supports tunnel monitoring to monitor the remote side of the tunnel.
Hi @Aaida ,
As @SteveCantwell said, it will work. With regard to your second point, the "Peer IP" should not be the public IP address of the Cisco, but rather an IP address that is routed over the VPN, preferably a device that will never be turned off.
What is your intended purpose of tunnel monitoring, to keep the tunnel up or something else?
Hi @Aaida ,
Excellent. Yes, you can set the Tunneling Monitoring Profile to Fail Over, and when the IP is unreachable, it will shut down the tunnel interface and remove the routes to the tunnel. You will need to have an alternative path, another VPN tunnel or something.
Please stop saying "monitor peer IP." It sounds like you are talking about the public VPN peer IP address. That is not how it works. You need to monitor an IP address reachable via the VPN tunnel.