This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies. For details on cookie usage on our site, read our Privacy Policy
There ended up being two issues. We had the static routes configured wrong (the next hop for the default 0.0.0.0/0 route was incorrect). We found the correct one by using the command "show arp all", or by doing a traceroute to the peer IP. The other issue was that we still have an existing firewall on the network that was blocking IPSec VPN traffic. I corrected the routes and disabled the filters in our firewall and the tunnel now works as expected.
... View more
We recently purchased a PA850 and PA220 to use at two different locations and want to set up a tunnel between the two devices. I am unable to successfully get connectivity between them. I am trying to follow this guide (Site-to-Site VPN with Static Routing ), but I'm not sure if the problem is in my configuration or the physical hardware connections I have set up. Both devices are on stock 9.0.1 with completely fresh/out-of-box defaults aside from the MGT interface and admin login. Physically, the PA850 has an ethernet cable connected from ethernet1/3 to a switch and is configured with the IP 198.X.Y.5. The PA220 has an ethernet cable connected from ethernet1/3 to an ISP router that is completely separate from the network of the 850. It is configured with the IP 97.X.Y.34. I can ping both interfaces from anywhere, so I know they are reachable over the internet.
... View more