An easy-to-remember way to configure IPsec between Palo Alto and Cisco routers

IPSEC VPN configuration between Palo Alto and Cisco routers

Model

VPN specifications:

Phase 1:

Encryption: 3des

Hash: md5

Pre-shared key: 123456

DH group 2

Lifetime: 28800 seconds

Phase 2:

Encryption: esp-3des

Hash: md5

PFS group 2

Tunnel IP:

Palo Alto: 172.16.1.1/24

Cisco: 172.16.1.2/24

Palo Alto configuration:

Everything is done in these menus:

First, go to IKE Crypto:

Select Add and fill in the Phase 1 parameters as planned

Next, go to IPSec Crypto:

Select Add and fill in the Phase 2 parameters

Next, go to IKE Gateways

Select Add and fill in the WAN IP parameters, the remote end…

Create a tunnel interface to carry the VPN traffic

Finally, go to “IPSec Tunnels” and reference the tunnel interface created above

Select Add

Create an additional route to the remote LAN range via the tunnel (in the virtual router)

Commit

=============================================

Cisco configuration:

Use a route-based VPN (create the tunnel and encrypt it)

Phase 1:

crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 123456 address 10.1.2.1

Phase 2:

crypto ipsec transform-set TS esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile HAI_PS
 set transform-set TS
 set pfs group2
!
! open tunnel
interface tunnel 0
 ip address 172.16.1.2 255.255.255.0
 tunnel source 10.2.3.3
 ! Palo Alto uses IPsec tunnel mode, so declare it here to match
 tunnel mode ipsec ipv4
 tunnel destination 10.1.2.1
 tunnel protection ipsec profile HAI_PS
!
ip route 192.168.15.0 255.255.255.0 tunnel 0

Verify:

On Palo Alto, go to IPSec Tunnels; if the status is green, the tunnel is up.

On Cisco:

Run show crypto session. The tunnel is up if you see “UP-ACTIVE”. If you don’t see it, try pinging between the two LANs and it should show up. If it still doesn’t come up, check that the parameters match on both sides.
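The parameter check suggested under Verify, as an added Python example (not part of the original page): it parses the Cisco crypto configuration, compares each negotiated value with the plan from the VPN specifications list, and flags the lab's legacy choices. The names PLAN, WEAK, parse and audit, the list of weak algorithms and the 20-character pre-shared-key minimum are assumptions of this example.

```python
import re

# Constructed sample: the Cisco crypto configuration from this page.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 123456 address 10.1.2.1
crypto ipsec transform-set TS esp-3des esp-md5-hmac
 mode tunnel
crypto ipsec profile HAI_PS
 set transform-set TS
 set pfs group2
"""

# Values from the page's VPN specifications list (what the Palo Alto side is given).
PLAN = {"p1_enc": "3des", "p1_hash": "md5", "p1_group": "2", "p1_lifetime": "28800",
        "p2_enc": "esp-3des", "p2_hash": "esp-md5-hmac", "p2_pfs": "2"}

PATTERNS = {  # one capture group per parameter that both peers must agree on
    "p1_enc": r"^ +encr(?:yption)? +(.+?) *$",
    "p1_hash": r"^ +hash +(\S+)",
    "p1_group": r"^ +group +(\d+)",
    "p1_lifetime": r"^ +lifetime +(\d+)",
    "p2_enc": r"^crypto ipsec transform-set +\S+ +(esp-(?!\S*hmac)\S+(?: +\d+)?)",
    "p2_hash": r"^crypto ipsec transform-set .*?(esp-\S+-hmac)",
    "p2_pfs": r"^ +set pfs group *(\d+)",
    "psk": r"^crypto isakmp key +(\S+) +address",
}
# Assumed policy for this example: algorithms and DH groups treated as legacy.
WEAK = {"p1_enc": {"des", "3des"}, "p1_hash": {"md5"}, "p1_group": {"1", "2", "5"},
        "p2_enc": {"esp-des", "esp-3des"}, "p2_hash": {"esp-md5-hmac"}, "p2_pfs": {"1", "2", "5"}}

def parse(config):
    hits = {k: re.search(p, config, re.MULTILINE) for k, p in PATTERNS.items()}
    return {k: " ".join(m.group(1).split()) for k, m in hits.items() if m}

def audit(config, plan=PLAN, min_psk_len=20):
    found = parse(config)
    out = [f"MISMATCH {k}: router={found.get(k)} plan={v}"
           for k, v in plan.items() if found.get(k) != v]
    out += [f"WEAK {k}: {v}" for k, v in found.items() if v in WEAK.get(k, ())]
    psk = found.get("psk")
    if psk is not None and len(psk) < min_psk_len:  # report length only, never the key
        out.append(f"WEAK psk: shorter than {min_psk_len} characters")
    return out
```

Calling audit(SAMPLE_CONFIG) on the lab configuration returns no MISMATCH lines, since it matches the plan, but reports every Phase 1 and Phase 2 algorithm, both DH groups and the pre-shared key as WEAK.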
