Do the usual checking settings match on both end.
Make sure you have an ACL to allow the traffic
Is there any NAT that needs to happen ?
Palo VPN commands
Check P1
show vpn ike-sa
show vpn ike-sa gateway EXIGENT-210
Check P2
show vpn ipsec-sa
show vpn ipsec-sa tunnel EXIGENT:ProxyID1
Check encaps/decaps
show vpn flow name EXIGENT:ProxyID1
If you need to take it further you can run debugs
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC
No comments:
Post a Comment