This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About ndresang
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ndresang
01-12-2023
2Posts
0Likes
0Solutions
Jan 12, 2023Last Visited
User
Activity
User
Profile
Latest posts by ndresang
| Subject | Views | Posted |
|---|---|---|
| 1004 | 10-14-2021 12:03 PM | |
| 1062 | 10-13-2021 05:00 PM |
User Badges
Community Statistics
| Member Since | 10-13-2021 04:45 PM |
| Date Last Visited | 01-12-2023 05:40 PM |
| Posts | 2 |
10-14-2021
12:03 PM
Well--I made some progress. I can now increment the encap and decap on both sides. The static route I added was to the specific inside address of the endpoint device, via tunnel.2. So now I can increase packet and encapsulation counters on both sides but they still dont communicate traffic through. Which would make you think firewall rule? Me too. But I added an allow any/any for a brief moment...nadda. Nothing went through. Which brings me back to a routing issue? Any help would be super appreciated. Thx!
... View more
10-13-2021
05:00 PM
Ok, I've been stumped for a few days now. I dropped a support call in for help, but they are taking their time...and I am behind schedule. LOL. I have a PA-VM-100. Its sitting in an azure cloud. There is an NSG on the Trust, Web (DMZ), and Mgmt interfaces, and a separate NSG on the Untrust. The IPSEC tunnel is green on both phases 1 and 2. I have routes on Trust, and Web, plus the virtual router set. The endpoint of the tunnel can tracert to the appropriate address so I am assuming it is not the endpoint that is misconfigured. The firewall, however, while showing appropriate routes on the CLI, cannot tracert to the appropriate address. The tunnel on the firewall side shows packets encapping but not decapping. So traffic isnt coming back, but I think traffic never leaves. On the endpoint I see the same data, packets are encapsulated but nothing coming back. Any ideas? The complexity of azure on top of the firewall is a little annoying. I am wondering if the untrust needs a routing table in azure? idk. Any pointers would be epic. Also-- did a pcap on both ends, they aren't dropped, and I see them on firewall and rx but not tx.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-12-2023
05:40 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks