Hi All,
Im probably missing something here but i need to create a site to site vpn with a watchguard. I control the palo but for some reason the phase 1 of the tunnel is not coming up!
I have done many VPN's on the Palo and know my way around them very well but cannot work this out for the life of me!
the IKE and IPSEC profiles match exactly on both ends. The only thing that has not been established yet is the proxy IDs as the local subnet to be used is not fully routable yet (just needs to be added to the MPLS but ignore that for now) I would have expected the phase 1 of the tunnel to come up at least!? Ive tried using local and remote identifiers and not use them but what ever i try nothing works.
Confirmed all transform sets are correct on both ends, all policies, encryption keys... but again i dont care about phase 2 yet as i know thats not going to work till the 3rd party update their local and remote LAN settings.... but come on phase 1 should be working man!!!
so in order i have created IKE policy, IPSEC policy, IKE gateway, IPSEC tunnel. I ahve checked, double checked and tripple checked everything and cant work out where im going wrong. Really need your help. I cant find anything online that will help me so as a last resort (should have come here first probably) i thought i would ask you fine ladies and gentlemen.
Has anyone set up a VPN from PA to Watchguard that can let me know if theres something different or special i need to use?
No comments:
Post a Comment