04-20-2023 10:53 PM
I am thinking about possibility of doing a tunnel monitoring from palo alto to cisco route vpn which is configured in policy based mode.
Do palo alto supports below configuration to do so.
1. Set up /32 IP in tunnel interface of palo alto
2. Configure tunnel monitoring to Peer IP of peer cisco.
Do this work?
04-25-2023 06:27 AM
Yes the PANW supports tunnel monitoring to monitor the remote side of the tunnel.
04-25-2023 07:47 AM
Hi @Aaida ,
As @SteveCantwell said, it will work. With regard to your second point, the "Peer IP" should not be the public IP address of the Cisco, but rather an IP address that is routed over the VPN, preferable a device that will never be turned off.
What is your intended purpose of tunnel monitoring, to keep the tunnel up or something else?
04-25-2023 07:53 AM
My intention is to monitor tunnel and auto failover. So if we monitor peer Ip of cisco, we can achieve auto failover right
04-25-2023 08:30 AM
Hi @Aaida ,
Excellent. Yes, you can set the Tunneling Monitoring Profile to Fail Over, and when the IP is unreachable, it will shut down the tunnel interface and remove the routes to the tunnel. You will need to have an alternative path, another VPN tunnel or something.
Please stop saying "monitor peer IP." It sounds like you are talking about the public VPN peer IP address. That is not how it works. You need to monitor an IP address reachable via the VPN tunnel.
04-25-2023 09:11 AM
Thank you so much Tom, so what about routers internal interface ip, we can monitor that right
04-25-2023 10:09 AM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!