I have new tas - make VPN s2s between PA200 and Mikrotik router.
PA (PA 200 on 6.1.4) has Advanced phase mode 1 optios set to AUTO and "anable passive mode" not checked
Mikrotik (751U-2HnD with latest 6.30 router OS) is in aggressive mode.
It's quite simple task, few policy rules on PA and on Mikrotik side. Configuration similar to PA<>Cisco.
I got strange resoults, everything seems to be OK.usually tunnel is working, hosts on both sides could ping each other, but ...
I'm able to ping from A side to B, but not from B to A (packed rejected)
Side A pinging side B, ping from B to A doesnt working UNTIL I stopped ping from A to B
Mikrotik shows Installes SAs:
Is it normal that on PA side Auth is none and Enc Algoritms is none?
Has anyone any idea whats going on?
At the moment (about 5min later than I created screenshots above) Ping from B to A started working - is it kind of mystery or what?
Help me please
In daily report I got:
Device SN Virtual System Rule Bytes Sessions
001606004XXX vsys1 VPN-s2s-local-networks 1021.08 M 129.84 k
It's mean that security rule that allowing traffic between A and B transfered ~1GB and generates 130000 sessions. Thats pretty much sessions - why?
I used TotalCommander to upload and download 2,4GB ISO files, so I genereated more than 5GB traffic I think.
Second problem, using ping from A to B gateway I got aroung 10-17% loss of ping packet - is it normal?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!