Hi all, I have an IPSec tunnel connecting to an old SSG. Tunnel came up successfully and SSG can see the traffic and is returning correctly into the tunnel. However PAN's decrypt counter remains 0. When i did a packet capture, the returning ESP packet is dropped shown below Frame 43 and 47: The setup i have is: eth1/1 - ISP WAN in zone "outside" loopback.1 - Public IP advertised by ISP in zone "dmz" IPSec create similar to https://blog.webernetz.net/ipsec-site-to-site-vpn-palo-alto-juniper-screenos/ tunnel.1 - in zone "trust" both ends of tunnel is in "trust" IPSec statuses all showing green has policy from "outside" to "dmz" allowing any any from the two terminating IPs When i change loopback.1 to zone "outside", everything works. Any suggestion or help is very much appreciated. Thanks in advance. Model PA-820 Software Version 9.0.2-h4 Thank you, Jason
... View more