To configure the security zone, you need to go Network > Zones > Add. Creating a Security Zone on Palo Alto Firewallįirst, we need to create a separate security zone on Palo Alto Firewall. You need to follow the following steps to configure IPSec Tunnel’s Phase 1 and Phase 2 in Palo Alto. PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.Ħ4 bytes from 1.1.1.1: icmp_seq=1 ttl=64 time=0.177 msĦ4 bytes from 1.1.1.1: icmp_seq=2 ttl=64 time=0.157 ms Steps to configure IPSec Tunnel on Palo Alto Firewallįirst, we will configure the IPSec Tunnel on Palo Alto Firewall. Before jump into the configuration part, just check the reachability of both devices using the ping utility. IP 1.1.1.1 is configured on the Cisco ASA firewall and 2.2.2.2 is configured on the Palo Alto Firewall as shown below:Īs you noticed, the LAN subnet 192.168.1.0/24 is connected with Cisco ASA and on the other hand, the LAN subnet 192.168.2.0/24 is connected with the Palo Alto Firewall. In this example, I’m using two routable IP addresses on both Palo Alto and Cisco ASA firewalls, which are reachable from each other. Scenario – IPSec Tunnel between Cisco ASA and Palo Alto FirewallĪs already discussed, you must need static routable IP on both Palo Alto and Cisco ASA firewalls. Analyzing the IPSec traffic through the Wireshark.Troubleshooting IPSec tunnel on Palo Alto Firewall.Troubleshooting IPSec tunnel on the Cisco ASA Firewall.Troubleshooting the IPSec tunnel – PA & ASA.Initiating the IPSec tunnel and verify the traffic using Wireshark.Configuring the Crypto MAP and Extended ACL to allows IPSec traffic on Cisco ASA.Configuring the Tunnel Group and Pre-Shared Key on Cisco ASA.Configuring the Phase1 (IKEv1) on Cisco ASA.Steps to configure IPSec Tunnel in Cisco ASA Firewall.
Configuring Route for Peer end Private Network.Creating the Security Policy for IPSec Tunnel Traffic.Creating a Tunnel Interface on Palo Alto Firewall.Creating a Security Zone on Palo Alto Firewall.Steps to configure IPSec Tunnel on Palo Alto Firewall.Scenario – IPSec Tunnel between Cisco ASA and Palo Alto Firewall.
0 kommentar(er)
