Palo Alto Networks Knowledgebase: Configuration Guidelines when Terminating IPSec VPN Tunnels on the Firewall

Configuration Guidelines when Terminating IPSec VPN Tunnels on the Firewall

5145
Created On 02/08/19 00:07 AM - Last Updated 02/08/19 00:08 AM
VPNs
Resolution

Details

When terminating IPSec VPN tunnels on a Palo Alto Networks firewall, consider that:

  • The terminating interface must be associated with the same zone as the external port where the tunnel packets enter the firewall. If terminating the tunnel on an aggregate ethernet interface, the aggregate interface must also be bound to the external interface (where the tunnel packets enter the firewall).
  • The interface is where the original packet (IKE packet) entered the firewall.

 

owner: nayubi



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKYCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language