IPSec between B305 and Palo Alto does not work

We have a B305 with firmware 8.0.2 and Palo Alto with firmware 9.0.1.

These products have the config below:

B305
WAN: 187.32.173.201
LAN: 10.255.0.0/22

Palo Alto
WAN: 64.26.201.73
LAN: 64.26.199.240/28

Well, I have the tunnel, and all information sent by the Palo Alto is received by the B305; I checked with Wireshark.

But when the server tries to send a TCP ACK, the information does not reach the Palo Alto.

My question is: can Peplink work with IPSec when the remote LAN is a public IP address? If yes, any help to solve this?

Thanks a lot!!!

Solinski

With the 64.26.199.240/28 network established do you get a reply to pings OK through the tunnel? Does the capture show the TCP ACK going out the WAN instead?

2 Likes
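Added example, not part of the thread and not Peplink or Palo Alto tooling: one way to answer the capture question above is to classify packets seen on the B305 WAN interface as ESP toward the peer or cleartext toward the remote subnet. The addresses come from the first post; the function names and the sample capture are constructed for illustration, and the packets are assumed to be already reduced to (source, destination, IP protocol) tuples.

```python
import ipaddress
from collections import Counter

# Addresses quoted in the thread.
LOCAL_WAN = ipaddress.ip_address("187.32.173.201")     # B305 WAN
PEER_WAN = ipaddress.ip_address("64.26.201.73")        # Palo Alto WAN
REMOTE_NET = ipaddress.ip_network("64.26.199.240/28")  # LAN behind the Palo Alto
ESP = 50  # IP protocol number of ESP

def classify(src, dst, proto):
    """Classify one packet seen on the B305 WAN interface (hypothetical helper)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if proto == ESP and (src, dst) == (LOCAL_WAN, PEER_WAN):
        return "esp_out"
    if proto == ESP and (src, dst) == (PEER_WAN, LOCAL_WAN):
        return "esp_in"
    # Cleartext toward the remote selector: the packet was routed out the WAN
    # instead of being encrypted. The source may be a LAN host or, after
    # source NAT, the WAN address, so only the destination is tested.
    if dst in REMOTE_NET:
        return "leak_out"
    return "other"

def diagnose(packets):
    """Return (per-class counts, verdict) for (src, dst, ip_proto) tuples."""
    counts = Counter(classify(*p) for p in packets)
    if counts["leak_out"]:
        verdict = "egress bypasses tunnel"
    elif counts["esp_in"] and not counts["esp_out"]:
        verdict = "no egress toward peer"
    elif counts["esp_out"]:
        verdict = "egress is tunneled"
    else:
        verdict = "inconclusive"
    return counts, verdict

# Constructed sample capture (not data from the thread).
SAMPLE = [
    ("64.26.201.73", "187.32.173.201", 50),   # ESP from Palo Alto
    ("64.26.201.73", "187.32.173.201", 50),
    ("187.32.173.201", "64.26.199.242", 6),   # TCP reply, NATed, in cleartext
    ("10.255.0.10", "64.26.199.242", 6),      # TCP reply, un-NATed, in cleartext
    ("187.32.173.201", "192.0.2.1", 17),      # unrelated traffic
]

if __name__ == "__main__":
    counts, verdict = diagnose(SAMPLE)
    print(dict(counts), verdict)
```

A "leak_out" count above zero means replies to the /28 are leaving in cleartext, which points at route or policy selection on the sending side and not at the tunnel itself.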

Ron_Case, thank you for the answer!!! 🙂

In this case, we have a customer who does not permit ping or other protocols to the LAN.

Yes, it is an annoying customer 🙁

Well, do you know of any condition for IPSec to work correctly? I think that the Peplink could lose the correct route because the tunnel is a public address, so it does not know whether to send by WAN or by IPSec.

Thanks for your attention 🙂

@Ron_Case

Finally the distributor permitted tests with ping, and it does not work.

I believe that the route for IP 64.26.199.240 is confused with a public IP and not the remote net of the IPSec.

Is IPSec with remote nets with public IPs a problem? Do you know any information about this?

Also important: ingress traffic → Palo Alto to Pep is OK!!! Only egress, Pep to Palo, does not work.

Thanks for any help!!!