I have got a tunnel set up successfully to Azure but have had to specify the peer identifier by IP address, which will not be very stable. Azure support advise that the peer identifier set by Azure is dynamic and that some firewall vendors (Cisco, Juniper) do not require the peer identifier to be statically set.

On Palo Alto I got: ike-generic event - peer identifier (type idaddr [10.1.1.2]) does not match remote AzureCloud

Please see "Azure VPN with Sonicwall - peer IKE ID" for details.

Is there any more stable workaround?

Thanks,
David
I'm trying to set up a fairly simple configuration where we have our separate wired and wireless networks connecting to the internet via one shared interface, eth1/1. Basically, I am attempting to replicate the configuration here: https://live.paloaltonetworks.com/docs/DOC-1884 (but with only 2 local networks, not 3). This document stresses that explicit NAT rules must be set up, but does not give an example on how to do this.

I have set up untagged subinterfaces, the virtual routers, policies and what I believe to be the correct NAT policies. I know these are correct because if I only set up one subinterface everything is OK. As soon as I set up a second subinterface and hook it up to the virtual router, traffic stops flowing. I am assuming that is because I have not created the NAT policy correctly.

Please can somebody provide an example NAT policy for an untagged subinterface?

Thanks.