Configuring the Palo Alto Networks Device as an IPSec Passthrough
99545
Created On 09/25/18 17:27 PM - Last Modified 11/19/19 05:19 AM
Environment
Exception : PA-7000, PA-5200 and PA-3200 series
Resolution
Additional Information
On PA-7000, PA-5200 and PA-3200 series, due to an architectural difference, we use a different technique for session creation of IPSec pass-through traffic.
Security policies must be configured to allow pass-through ESP traffic in both directions on PA-7000, PA-5200 and PA-3200 series platforms.
Please refer to this article.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpXCAS