There ended up being two issues. We had the static routes configured wrong (the next hop for the default 0.0.0.0/0 route was incorrect). We found the correct one by using the command "show arp all", or by doing a traceroute to the peer IP. The other issue was that we still have an existing firewall on the network that was blocking IPSec VPN traffic. I corrected the routes and disabled the filters in our firewall and the tunnel now works as expected.
We recently purchased a PA850 and PA220 to use at two different locations and want to set up a tunnel between the two devices. I am unable to successfully get connectivity between them. I am trying to follow this guide (Site-to-Site VPN with Static Routing), but I'm not sure if the problem is in my configuration or the physical hardware connections I have set up. Both devices are on stock 9.0.1 with completely fresh/out-of-box defaults aside from the MGT interface and admin login. Physically, the PA850 has an Ethernet cable connected from ethernet1/3 to a switch and is configured with the IP 198.X.Y.5. The PA220 has an Ethernet cable connected from ethernet1/3 to an ISP router that is completely separate from the network of the 850. It is configured with the IP 97.X.Y.34. I can ping both interfaces from anywhere, so I know they are reachable over the internet.