Can’t access remote office over Paloalto firewall site to site VPN

Situation: The client has a site to site VPN to connect head office and remote office. Current computers which IP addresses have been added to firewall work fine. However, when they add more IP addresses in inbound policy on the remote office, the new IP doesn’t work.

Troubleshooting: We do see those IP addresses in remote office PA firewall. Note: Go to POLICY>Security, check the IPSec inbound policy.

In the Head Office PA firewall, we check the Monitor and find those IP addresses accessing to Remote Office port 3389 was denied.

Checking Head Office PA firewall IPSec outbound policy, we don’t see those IP addresses in.

Adding those IP addresses into Head Office PA firewall IPSec outbound policy fixes the problem.

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com View all posts by Bob Lin

Published by

Bob Lin

Leave a Reply Cancel reply