05-18-2019 05:29 PM
Hello everyone. I am having an issue setting up a VPN from my Palo to my AWS Palo and was hoping someone can help. I did look at other AWS VPN issue but all i saw was issues with aws. This is something else. I have the tunnel up and established but traffic is not working. I see traffic leaving my palo over the correct tunnel interface but it gets lost somewhere along the way. Since I cannot see the encrypted tunnel traffic I have no clue if the aws palo is getting it.
I followed the Palo alto instructions for doing this which isnt much different than setting up a normal ipsec tunnel. The palo guide says to use NAT Traveral option in the IKE gateway which I have tried with no luck. By all rights it should be wotking. Any suggestions?
05-20-2019 11:44 AM
Hello,
If both phase 1 &2 are up, its probably the ACL firewall on AWS that is preventing the traffic.
Regards,
09-09-2019 09:19 PM
@scottoliver , You need to check route table on AWS side to make sure it is pointing to correct VGW.
Do you see packets getting encrypted on palo alto side ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
