I have two IPSec tunnels configured. Traffic is flowing between a local interface and each of these two tunnels, but I can't seem to get traffic flowing between the two tunnels.

I have two sites, Site1 and Site2, each with a PA and one external interface. I have an IPSec tunnel between them via the external interface, so clients at Site1 can reach clients at Site2 without issue. I also have an IPSec GlobalProtect Gateway configured on the PA at Site1, also via the external interface. GP clients can reach clients at Site1 without issue. I'm trying to get GP clients able to reach clients at Site2.

I have static routes set up, and To/From policies that allow traffic between the GP and Site2 zones on both PAs. The traffic logs are showing "allow", but sessions are "aging-out". I've tried adding the GP network to the site-to-site tunnel's Proxy IDs. I've also tried setting up a "No-NAT" from the GP zone to the Site2 zone on the Site1 PA. I'm thinking this must have something to do with NAT, but I'm not sure what the answer is. Help is much appreciated.
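The post describes a hairpinned flow (GP client at Site1, over the site-to-site tunnel, to a host at Site2) whose sessions are allowed but age out. The script below is an added example, not code from the original post or from Palo Alto Networks; it models the four things that have to line up for such a flow to get a reply: a route to the destination via the tunnel on Site1, a proxy-ID on Site1 covering local=GP pool, remote=Site2 LAN, the mirror image of that proxy-ID on Site2 (local=Site2 LAN, remote=GP pool), and a route on Site2 back to the GP pool via the same tunnel. The subnets, interface names (tunnel.1 for the site-to-site tunnel, tunnel.2 for the GP gateway) and route tables are constructed for illustration; an empty proxy-ID list is treated as 0.0.0.0/0 on both sides, which is the PAN-OS default for a route-based tunnel without explicit proxy-IDs. NAT is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class ProxyID:
    local: str   # local network as configured on this firewall's tunnel
    remote: str  # remote network as configured on this firewall's tunnel


@dataclass
class Firewall:
    name: str
    routes: dict            # prefix -> egress interface (static routes only)
    proxy_ids: tuple = ()   # proxy-IDs on the site-to-site tunnel; empty = any/any

    def egress(self, dst):
        """Longest-prefix match over the static routes; None if nothing matches."""
        addr = ip_address(dst)
        best = None
        for prefix, iface in self.routes.items():
            net = ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None

    def proxy_id_covers(self, local, remote):
        """True if some proxy-ID on this firewall covers local -> remote."""
        pids = self.proxy_ids or (ProxyID(ANY, ANY),)
        return any(ip_address(local) in ip_network(p.local)
                   and ip_address(remote) in ip_network(p.remote) for p in pids)


def trace_path(site1, site2, src, dst, tunnel="tunnel.1"):
    """Check a flow src -> dst entering Site1 and crossing the site-to-site tunnel.

    Returns the list of failed checks; an empty list means routing and
    proxy-IDs are consistent on both peers for the forward and return path.
    """
    failures = []
    if site1.egress(dst) != tunnel:
        failures.append(f"{site1.name}: no route for {dst} via {tunnel}")
    if not site1.proxy_id_covers(src, dst):
        failures.append(f"{site1.name}: no proxy-ID local={src} remote={dst}")
    # The peer must hold the mirror image of that proxy-ID, otherwise the
    # Phase 2 SA for this traffic selector never negotiates.
    if not site2.proxy_id_covers(dst, src):
        failures.append(f"{site2.name}: no proxy-ID local={dst} remote={src}")
    # Return traffic: the peer needs a route back to the GP pool over the tunnel,
    # or the reply goes out its default route and the session ages out.
    if site2.egress(src) != tunnel:
        failures.append(f"{site2.name}: no route for {src} via {tunnel}")
    return failures


# Constructed scenario (hypothetical addressing, not from the post).
GP_CLIENT = "10.100.0.10"   # address from the GP client pool 10.100.0.0/24
SITE2_HOST = "10.2.0.20"    # host on the Site2 LAN 10.2.0.0/24

SITE1 = Firewall(
    "Site1",
    {"10.1.0.0/24": "ethernet1/2", "10.2.0.0/24": "tunnel.1", "10.100.0.0/24": "tunnel.2"},
    (ProxyID("10.1.0.0/24", "10.2.0.0/24"), ProxyID("10.100.0.0/24", "10.2.0.0/24")),
)
SITE2 = Firewall(
    "Site2",
    {"10.2.0.0/24": "ethernet1/2", "10.1.0.0/24": "tunnel.1", "10.100.0.0/24": "tunnel.1"},
    (ProxyID("10.2.0.0/24", "10.1.0.0/24"), ProxyID("10.2.0.0/24", "10.100.0.0/24")),
)
# Same Site2 with the GP pool added on the Site1 side only: no mirrored
# proxy-ID and no return route for the pool.
SITE2_ONE_SIDED = Firewall(
    "Site2",
    {"10.2.0.0/24": "ethernet1/2", "10.1.0.0/24": "tunnel.1"},
    (ProxyID("10.2.0.0/24", "10.1.0.0/24"),),
)

if __name__ == "__main__":
    for peer in (SITE2, SITE2_ONE_SIDED):
        print(peer.name, trace_path(SITE1, peer, GP_CLIENT, SITE2_HOST) or ["ok"])
```

Running it with the one-sided Site2 reports two failures, which is the shape of a flow the Site1 firewall can allow and forward but for which no reply can arrive; on a real pair of firewalls the equivalent checks are the route table and the IPsec SA status for the tunnel on each side.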