I have read various articles but I am still not very clear on the tunnel monitoring, proxy IDs and the IP addresses on the tunnel and tunnel.1 interfaces I am supposed to be using. I also am not sure what I need the ASA to set up to help me get our VPN tunnel running and ready for failover.

I tried to follow the configuration article "How to Configure a Palo Alto Networks Firewall with Dual ISPs and Automatic VPN Failover", but I get very confused when they talk about the PBF and the tunnels needing IP addresses. Which tunnels need IP addresses? I have tunnel and tunnel.1, and what should those addresses be? This article gets confusing when the other end is an ASA firewall, not a PA. There is just a Note at the end that gets into more details, but it doesn't show the details.

When I set the arbitrary IP address on the tunnel, do I use that IP address anyplace else or do I continue to use the peer address and remote internal IP address everyplace else? I know the ASA needs to create a static route on their end for the return of that tunnel IP address; does that static route just send that private IP back down the tunnel?

They discuss needing Proxy IDs and getting the mirror image of that Proxy ID on the ASA. Is the remote IP for that Proxy ID supposed to be the remote public IP or the remote internal IP or the specific IP of the device I am pinging? How does the ASA set up their Proxy ID? The person I am dealing with has never set up a proxy ID on the ASA before.

I am sure I have more questions and that this post is a bit confusing, but this VPN setup is very new to me, let alone one with an ASA with the Dual ISPs.