Hello, great problem description. There is no issue with route based vpn. From your problem description this should work just fine UNLESS, there is a routing issue on the other side of the tunnel. Especially since you are getting incompletes, it sounds like traffic is going across the tunnel from the Paloalto side but nothing is returning. So since the remote end can see your traffic, make sure that that return traffic from the remote end is pointed to the device that is the other side of the tunnel. So in other words if your configuration is like this: client<----->Paloalto<----->tunnel<------>the device terminating the tunnel<----------->server on remote network make sure and pay attention to your NAT's and routes. The "server on remote network" traffic that is destined for the "client" should be routed back to "the device terminating the tunnel". thanks, Stephen
... View more