Palo Alto Site to Site IPSec VPN

Posted Jan 27, 2024

By Sena Perdiana 2 min read

A Site-to-Site IPSec VPN is a secure connection established between two networks, connecting different offices or branches of an organization over the internet via Palo Alto firewalls.

Here’s the topology of the configuration

Configuring IPSec VPN on Palo-1 device

On the first firewall, create a new tunnel interface

Next on Network Profiles » IKE Crypto, create a new profile

An IKE (Internet Key Exchange) Crypto Profile is a configuration that defines the parameters and settings used for the initial phase of establishing a VPN tunnel. It includes the encryption and authentication methods to be used during the key exchange process.

Next on IPSec crypto, alo create a new profile

An IPSec Crypto Profile is a configuration that defines the parameters and settings used for the second phase of establishing a VPN tunnel, which involves securing the data traffic between two sites. It specifies the encryption and authentication methods for protecting the actual data transmitted over the VPN tunnel.

After that, on IKE Gateways create a new gateway

An IKE (Internet Key Exchange) Gateway is a configuration that defines the properties of a remote peer or site with which the firewall will establish a VPN tunnel. It includes information such as the remote peer’s IP address, pre-shared key, and the specific IKE Crypto Profile to be used for key exchange.

Next, create the IPSec tunnel using all the profiles created earlier