IKEv1 Site-to-Site tunnel between Cisco ASA and Palo Alto NGFW — Part 2

Clarence Subia
Mar 20, 2022

A step-by-step guide to configuring a site-to-site tunnel between two firewalls (ASA and Palo Alto).

Part 2 — Configuring Palo Alto NGFW

1. Configure zones for the trusted, untrusted and VPN networks.

Network > Zones

2. Configure the virtual router and default route.

Network > Virtual Router > Router Settings
Network > Virtual Router > Static Routes

3. Configure local and remote addresses.

Objects > Addresses

4. Configure the IKE Crypto Profile and IKE Gateway.

Network > Network Profiles > IKE Crypto
Network > Network Profiles > IKE Gateways > General
Network > Network Profiles > IKE Gateways > Advanced Options > IKE Crypto Profile

5. Configure the IPsec Crypto Profile.

Network > Network Profiles > IPsec Crypto Profile

6. Configure the IPsec tunnel.

Network > IPsec Tunnel > General
Network > IPsec Tunnel > Proxy IDs

7. Configure a Security Policy that allows the traffic in both directions.

Policies > Security

8. Verification
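
A check worth running before testing the tunnel, as an added example that is not part of the original post: it compares the Proxy IDs entered on the Palo Alto against the ASA crypto ACL, since the two must mirror each other exactly for Phase 2 to come up. It assumes the ASA side uses a crypto map with an extended ACL; the ACL lines, proxy-ID names and subnets are constructed sample values, and `asa_selectors` and `compare` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: crypto ACL lines as they would appear on the ASA.
ASA_ACL = """\
access-list VPN-ACL extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPN-ACL extended permit ip 10.2.3.0 255.255.255.0 10.1.1.0 255.255.255.0
"""

# Constructed sample: Palo Alto proxy IDs as (name, local, remote).
PA_PROXY_IDS = [
    ("lan-a", "10.1.1.0/24", "10.2.2.0/24"),
    ("lan-b", "10.1.1.0/24", "10.2.3.0/25"),  # deliberate mask mismatch
]

ACL_RE = re.compile(
    r"^access-list\s+\S+\s+extended\s+permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$"
)

def asa_selectors(acl_text):
    """Return the set of (asa_local, asa_remote) networks from the crypto ACL."""
    pairs = set()
    for line in acl_text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # host/any/object-group forms are out of scope here
        src = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        dst = ipaddress.ip_network(f"{m[3]}/{m[4]}")
        pairs.add((src, dst))
    return pairs

def compare(acl_text, proxy_ids):
    """Mirror each proxy ID (swap local and remote) and diff against the ACL."""
    asa = asa_selectors(acl_text)
    pa = {(ipaddress.ip_network(r), ipaddress.ip_network(l)) for _, l, r in proxy_ids}
    return {
        "matched": sorted(asa & pa),
        "asa_only": sorted(asa - pa),  # in the ASA ACL, no proxy ID on the PA
        "pa_only": sorted(pa - asa),   # proxy ID on the PA, no ASA ACL entry
    }

if __name__ == "__main__":
    for kind, pairs in compare(ASA_ACL, PA_PROXY_IDS).items():
        for asa_local, asa_remote in pairs:
            print(f"{kind}: ASA {asa_local} -> {asa_remote}")
```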
