08-23-2016 10:54 PM
Hi there,
I am trying to set up a VPN between 2 Palo Alto firewalls. On one side I have a public address, but on the other side I am using a private IP address, as this Palo Alto is behind a router. The VPN is not coming up. I also tried to do a port forward from the router to the Palo Alto, but still no success. What am I doing wrong here, guys, or will it work with this kind of setup at all?
Thanks
08-23-2016 11:10 PM
Are you enabling NAT Traversal?
What does the system log say on both sides?
The system log would be a hint for troubleshooting.
08-24-2016 12:02 AM - edited 08-24-2016 12:03 AM
Hello,
Here is a good explanation of what NAT-T is:
http://www.internet-computer-security.com/VPN-Guide/NAT-T.html
Encapsulating IPsec in UDP is likely to require an adjustment to the MSS on the firewall and on devices between the firewall and the internet because of the extra headers.
After all this is done, please check/post your IKE logs, preferably from the responder side or both:
> tail lines 50 mp-log ikemgr.log
Thx,
Myky