IPSec VPN Tunnel Palo Alto Networks Firewall to Palo Alto Networks Firewall

Does anyone know why the IPSec tunnel would show one way encapsulation? This is typically a routing issue but I checked the routing table and the remote network is there and it is send to the tunnel interface.

I am attaching the screenshot.

TIA,
LN
LateNaiteAsked:
Who is Participating?
 
LateNaiteAuthor Commented:
The issue is resolved as there as a policy based forwarding configuration that matched source/destination traffic, which caused traffic to not work.
0
 
Blue Street TechLast KnightCommented:
Hi LateNaite,

I don't see any screenshots. How are you determining there is one-way encapsulation?

Are there ACLs preventing the traffic on one end? Verify you are allowing traffic on the side that is not passing it.

I would put a capture on the receiving device to ensure the packets are leaving that device. Then, check the destination to ensure the packets are arriving at the destination. If so, I would check to ensure the packets are then leaving that destination. If they are, I would check that the packets are arriving back at your router.

We need to find out what is going on with the data; why its not coming back. Obviously, check your error logs for the tunnel being brought down for a specified reason.

On another related point, dial in your MTUs if you haven't already. Here is an easy guide: https://www.experts-exchange.com/articles/12615/Unstable-Slow-Performing-Networks-or-VPNs-just-go-grocery-shopping.html

let me know how it goes!
0
 
LateNaiteAuthor Commented:
Resolved the issue.
0
 
Blue Street TechLast KnightCommented:
Next time try providing some feedback... it's better for you since you are the one asking the questions! ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.