The Palo Alto Networks firewall is getting its IP address from DHCP. We have to configure the IP Sec tunnel between Palo Alto Networks device and Cisco ASA.The only difference on the Palo Alto Networks firewall is in IKE Gateway. The rest are the same as a normal VPN.
Configuration on Cisco ASA.
1. Define Proxy ACL for interesting traffic:
access-list ASA-PA-ACL extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0