Is Proxy-ID needed for BGP to establish a TCP session on port 179 over IPSec-Policy based VPN?

Created On 01/22/23 05:19 AM - Last Modified 01/23/23 22:04 PM


Question


Is Proxy-ID needed for BGP to establish a TCP session on port 179 over IPSec-Policy based VPN?

Environment


  • Palo Alto Firewalls.
  • All supported PAN-OS versions.
  • IPSec tunnel between a Palo Alto firewall and another firewall that supports policy-based VPN.


Answer


  1. Yes. Proxy IDs are needed for BGP to establish a TCP session on port 179 with its peer over an IPSec tunnel that uses policy-based VPN.
  2. The Local address and Peer address are configured in step 6.7 and step 6.8 of Configure BGP.
  3. The same IP addresses must be configured in the Proxy ID configuration (see IPSec Tunnel Proxy IDs).
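
The requirement in steps 1 to 3 can be checked offline before the tunnel is committed. The following is an added example, not Palo Alto code: `ProxyId`, `bgp_coverage` and all addresses are hypothetical, and it generalizes the exact-address match above to prefix containment and optional port selectors.

```python
import ipaddress
from dataclasses import dataclass

BGP_PORT = 179
ANY = 0  # in this example, port 0 in a selector means "any port"

@dataclass(frozen=True)
class ProxyId:
    # Hypothetical record for this example, not a PAN-OS API object.
    name: str
    local: str             # local prefix
    remote: str            # remote prefix
    protocol: str = "any"  # "any", "tcp" or "udp"
    local_port: int = ANY
    remote_port: int = ANY

def _port_ok(selector_port, flow_port):
    # flow_port None is an ephemeral port: only a wildcard selector matches it.
    return selector_port == ANY or selector_port == flow_port

def bgp_coverage(local_ip, peer_ip, proxy_ids):
    """Name of the first proxy-ID covering each BGP session direction, or None."""
    lip, pip = ipaddress.ip_address(local_ip), ipaddress.ip_address(peer_ip)
    # (local port, remote port) as seen from this firewall.
    flows = {"outbound": (None, BGP_PORT), "inbound": (BGP_PORT, None)}
    covered = {direction: None for direction in flows}
    for p in proxy_ids:
        if lip not in ipaddress.ip_network(p.local, strict=False):
            continue
        if pip not in ipaddress.ip_network(p.remote, strict=False):
            continue
        if p.protocol not in ("any", "tcp"):
            continue
        for direction, (lport, rport) in flows.items():
            if (covered[direction] is None and _port_ok(p.local_port, lport)
                    and _port_ok(p.remote_port, rport)):
                covered[direction] = p.name
    return covered

# Constructed sample values (not taken from the article).
LAN_ONLY = [ProxyId("lan", "192.168.10.0/24", "192.168.20.0/24")]
WITH_BGP = LAN_ONLY + [ProxyId("bgp", "10.255.0.1/32", "10.255.0.2/32")]
PORT_PINNED = LAN_ONLY + [
    ProxyId("bgp-out", "10.255.0.1/32", "10.255.0.2/32", "tcp", ANY, BGP_PORT)]

if __name__ == "__main__":
    for label, ids in (("lan only", LAN_ONLY), ("with bgp", WITH_BGP),
                       ("port pinned", PORT_PINNED)):
        print(label, bgp_coverage("10.255.0.1", "10.255.0.2", ids))
```

A direction that comes back as `None` means no proxy-ID in the list would carry a BGP session opened from that side.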
 


Additional Information


Policy-based VPN: Encrypts a subset of the traffic flowing through an IPSec tunnel interface, as defined in the Proxy ID configuration.
