Here are the settings that were necessary to establish an IPsec tunnel between a Digi Transport LR54 and a Palo Alto router:
On the Palo Alto Firewall, we needed to:
- Set the Peer IP Address to Dynamic (rather than specifying the IP of the router)
- Set no IP on the tunnel interface
- Set the local identifier to the public IP address of the interface
- Set the peer identifier to the hostname of the Digi router
- Add a static route for appropriate traffic to flow into the tunnel
- Create a proxy ID for the connection, where remote is the subnet on the Digi side and local is the end destination for the tunnel traffic
On the Digi router, we needed to:
- Set the remote identifier to the static IP of the peer
- Set the remote subnet to the end destination for the tunnel traffic
- Set negotiation mode to aggressive
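The two lists above have to mirror each other, and a mismatch in an identifier or subnet is enough to stop the tunnel from establishing. The following is an added example, not vendor code or part of the original note: a cross-check of both sides before they are entered. The dictionary keys, the sample addresses and hostname, and the assumption that the static route targets the Digi-side subnet are all constructed for illustration.

```python
import ipaddress

# Constructed sample values; the key names are hypothetical, not vendor syntax.
PA = {"peer_ip": "dynamic", "tunnel_ip": None, "tunnel_if": "tunnel.1",
      "public_ip": "203.0.113.10", "local_id": "203.0.113.10",
      "peer_id": "lr54-site1",
      "proxy_local": "10.20.0.0/16", "proxy_remote": "192.168.50.0/24",
      "routes": [{"dest": "192.168.50.0/24", "interface": "tunnel.1"}]}
DIGI = {"hostname": "lr54-site1", "lan_subnet": "192.168.50.0/24",
        "remote_id": "203.0.113.10",
        "remote_subnet": "10.20.0.0/255.255.0.0", "mode": "aggressive"}

def _same_ip(a, b):
    """Compare two identifiers as IP addresses; non-IP strings never match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def check_tunnel(pa, digi):
    """Return the settings that break the pairing described in the lists above."""
    net = ipaddress.ip_network  # normalises prefix-length and netmask notation
    problems = []
    if pa["peer_ip"] != "dynamic":
        problems.append("PA: peer IP address is not dynamic")
    if pa["tunnel_ip"] is not None:
        problems.append("PA: tunnel interface has an IP")
    if not _same_ip(pa["local_id"], pa["public_ip"]):
        problems.append("PA: local identifier is not the public interface IP")
    if not _same_ip(digi["remote_id"], pa["local_id"]):
        problems.append("Digi: remote identifier differs from PA local identifier")
    if pa["peer_id"].lower() != digi["hostname"].lower():
        problems.append("PA: peer identifier is not the Digi hostname")
    if digi["mode"] != "aggressive":
        problems.append("Digi: negotiation mode is not aggressive")
    try:
        local, remote = net(pa["proxy_local"]), net(pa["proxy_remote"])
        if net(digi["remote_subnet"]) != local:
            problems.append("Digi: remote subnet differs from PA proxy ID local")
        if net(digi["lan_subnet"]) != remote:
            problems.append("PA: proxy ID remote is not the Digi-side subnet")
        # Assumption: the static route must carry the Digi-side subnet into the tunnel.
        if not any(r["interface"] == pa["tunnel_if"]
                   and remote.subnet_of(net(r["dest"])) for r in pa["routes"]):
            problems.append("PA: no static route sends the Digi subnet into the tunnel")
    except ValueError as exc:
        problems.append(f"invalid subnet: {exc}")
    return problems

if __name__ == "__main__":
    print(check_tunnel(PA, DIGI) or "settings are consistent")
```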
Last updated: Jan 01, 2024