IPSec VPN shows connected but no traffic traversing tunnel

I have a MAX BR1 LTE running firmware 6.1.2 build 1704. I set the device up to connect to our Palo Alto firewall. When I’m on our WiFi connection that faces only the public, the tunnel builds itself and connects and everything works just fine. If I set my AT&T SIM card up on an APN that assigns it a static public IP address, it again works just fine. If I turn that off and use AT&T’s generic ‘Broadband’ APN, the tunnel shows connected but no packets go across the network in either direction.

I also have a Verizon iPad I used as my WiFi WAN and have the exact same results.

When we look at the logs for the firewall, I can see the tunnel is being built on the datacenter side as well.

All help appreciated.



Below is the scenario based on my understanding. Do correct me if I am wrong.

  1. BR1 used Wifi WAN - IPSec working fine.

  2. BR1 used Cellular with static IP APN - IPSec working fine.

  3. BR1 used Cellular with “Broadband APN” - IPSec not working.

  4. BR1 used Wifi WAN + iPad Wifi tethering - IPSec not working.

Looks like you need to confirm IPSec passthrough is supported on 3 and 4. If not, you need to configure NAT-T on the BR1 and the Palo Alto.
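To check which case a WAN-side capture shows, the sketch below (an added example, not part of the original posts and not Peplink or Palo Alto code) classifies raw IPv4 packets as IKE on UDP 500, native ESP (IP protocol 50), or NAT-T traffic on UDP 4500 as defined in RFC 3948. The function names and the sample packets are constructed for illustration.

```python
import socket, struct

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.1"):
    """Build a minimal IPv4 packet (checksum left 0; constructed test data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(pkt):
    """Name the IPsec role of one raw IPv4 packet."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 50:                      # ESP directly over IP: no ports for NAPT
        return "esp-native"
    if proto != 17 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]
    if 4500 in (sport, dport):           # NAT-T port (RFC 3948)
        if data == b"\xff":
            return "natt-keepalive"
        if data[:4] == b"\x00" * 4:      # non-ESP marker precedes IKE
            return "ike-natt"
        return "esp-in-udp"              # first 4 bytes are a non-zero SPI
    return "ike" if 500 in (sport, dport) else "other"

def diagnose(packets):
    kinds = {classify(p) for p in packets}
    if "esp-in-udp" in kinds:
        return "NAT-T in use"
    if "esp-native" in kinds:
        return "native ESP: path must pass IP protocol 50, or enable NAT-T"
    if kinds & {"ike", "ike-natt"}:
        return "IKE only, no data-plane packets"
    return "no IPsec traffic"

# Constructed captures: tunnel negotiated on UDP 500, data sent as raw ESP ...
ESP_BODY = b"\xc0\xff\xee\x01" + b"\x00\x00\x00\x01" + b"\xaa" * 16
WITHOUT_NATT = [ipv4(17, udp(500, 500, b"\x11" * 28)), ipv4(50, ESP_BODY)]
# ... versus the same tunnel after NAT-T floats everything to UDP 4500.
WITH_NATT = [ipv4(17, udp(500, 500, b"\x11" * 28)),
             ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
             ipv4(17, udp(4500, 4500, b"\xff")),
             ipv4(17, udp(4500, 4500, ESP_BODY))]

if __name__ == "__main__":
    for name, cap in (("without NAT-T", WITHOUT_NATT), ("with NAT-T", WITH_NATT)):
        print(name, [classify(p) for p in cap], "->", diagnose(cap))
```

A capture that shows only `ike` and `esp-native` while the tunnel reports connected matches scenarios 3 and 4 above: the control channel is up, but the data packets are not UDP-encapsulated.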