Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
IPSEC 隧道出现, 但对等主机后面无法到达 - Knowledge Base - Palo Alto Networks

IPSEC 隧道出现, 但对等主机后面无法到达

57356
Created On 09/25/18 19:36 PM - Last Modified 06/09/23 08:54 AM


Resolution


问题

有时, 在帕洛阿尔托网络设备和另一台设备之间的站点到站点 IPSec VPN 上, 1 阶段和2阶段将会上升。但是, 对等方后面的主机无法访问。

详细

确定隧道接口所在的区域。如果隧道接口位于不信任区域中, 则通信量将 NATed 到公共 IP, 而离开隧道时, 由帕洛阿尔托网络设备上的默认 NAT 规则进行。

解决办法

解决此问题有两个选项:

  • 将隧道接口移动到其中一个内部区域, 这样在离开隧道时通信量不会得到 NATed。
  • 创建从内部区域到对等方后面的目标地址的通信的非 NAT 规则。

所有者: achalla
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 239,941
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cla4CAC&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language