VPN between 2 Palo Alto Firewalls

L0 Member

Hi there,

 

I am trying to set up a VPN between 2 Palo Alto Firewalls. On one side I have a public address, but on the other side I am using a private IP address as this Palo Alto is behind a router. The VPN is not coming up. I also tried to do port forwarding from the router to the Palo Alto but still no success. What am I doing wrong here guys, or will it work with this kind of setup at all?

 

Thanks

2 REPLIES

L5 Sessionator

Are you enabling NAT Traversal?

What does system-log say on both sides?

System log would be a hint to troubleshoot.

L6 Presenter

Hello,

Here is a good explanation of what NAT-T is:

 

http://www.internet-computer-security.com/VPN-Guide/NAT-T.html

 

Encapsulating IPSEC in UDP is likely to require an adjustment to the MSS on the firewall and on devices between the firewall and the internet because of the extra headers.

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/NAT-Traversal-in-an-IPSEC-Gateway/ta-p/6...

 

After all this is done,

 

Please check/post your ike logs, better from the responder side or both:

 

> tail lines 50 mp-log ikemgr.log

 

Thx,

Myky
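
The MSS adjustment mentioned in the reply above can be worked out from the header sizes. This is an added example, not part of the original thread and not Palo Alto code: it computes the largest TCP MSS that still fits a given path MTU once ESP tunnel mode and the NAT-T UDP header are added. It assumes IPv4 without options and the standard IV, block and ICV sizes for the transforms listed; the function and suite names are hypothetical.

```python
from dataclasses import dataclass

# Fixed per-packet sizes in bytes (assumption: IPv4 without options throughout).
OUTER_IPV4 = 20      # outer tunnel-mode IP header
UDP_NATT = 8         # UDP/4500 header added by NAT-T (RFC 3948)
ESP_HDR = 8          # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad length (1) + next header (1), inside the ciphertext
INNER_IPV4_TCP = 40  # inner IP (20) + TCP (20) headers

@dataclass(frozen=True)
class EspSuite:
    iv: int     # per-packet IV bytes sent in the clear
    block: int  # ciphertext must be a multiple of this
    icv: int    # integrity check value appended to the packet

# Standard sizes for common ESP transforms (names are labels for this example).
SUITES = {
    "aes-cbc/sha1-96": EspSuite(iv=16, block=16, icv=12),
    "aes-cbc/sha256-128": EspSuite(iv=16, block=16, icv=16),
    "aes-gcm-16": EspSuite(iv=8, block=4, icv=16),
}

def max_inner_packet(path_mtu: int, suite: EspSuite, nat_t: bool) -> int:
    """Largest inner IP packet that encapsulates without fragmentation."""
    fixed = OUTER_IPV4 + ESP_HDR + suite.iv + suite.icv
    if nat_t:
        fixed += UDP_NATT
    room = path_mtu - fixed               # bytes left for ciphertext
    aligned = room - room % suite.block   # round down to the cipher block size
    if aligned <= ESP_TRAILER:
        raise ValueError("path MTU too small for this ESP transform")
    return aligned - ESP_TRAILER          # trailer bytes are encrypted too

def tcp_mss(path_mtu: int, suite: EspSuite, nat_t: bool) -> int:
    """TCP MSS to clamp to so that full-size segments fit inside the tunnel."""
    return max_inner_packet(path_mtu, suite, nat_t) - INNER_IPV4_TCP

if __name__ == "__main__":
    # 1500 = plain Ethernet, 1492 = PPPoE uplink (constructed sample inputs).
    for name, suite in SUITES.items():
        for mtu in (1500, 1492):
            plain = tcp_mss(mtu, suite, nat_t=False)
            natt = tcp_mss(mtu, suite, nat_t=True)
            print(f"{name:20} mtu={mtu} mss={plain} mss_with_nat_t={natt}")
```

Because the ciphertext is rounded down to the cipher block size, the MSS cost of NAT-T can be larger than the 8-byte UDP header itself.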
