How to make Palo Alto Networks firewalls Responder-only in an IPSec tunnel

How to make Palo Alto Networks firewalls Responder-only in an IPSec tunnel

43105
Created On 09/25/18 18:00 PM - Last Modified 02/07/19 23:52 PM


Resolution

The IKE Initiator is the device initiating the IKE VPN tunnel negotiation request and the IKE Responder is the device receiving the request to establish an IKE VPN tunnel. Using a simple check box, we can make the firewall act as a 'Responder-only' in the negotiation. With this option enabled, the firewall responds to incoming connection negotiations as it would normally do, but it will no longer initiate outgoing negotiations. 

 

How to enable responder-only setting

To enable this setting, navigate to Network > network profiles > IKE Gateways and open the IKE Gateway relevant to the IPSEC tunnel. Then access the 'Advanced Options' tab and check the box for 'Enable Passive Mode'.

 

Responder.JPGCommit is necessary to enable this change

 

See Also:

IPsec resources list

 

owner: ansharma



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClMZCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language