Hi.
I connected a Palo Alto and an ASA over VPN.
I set up the connection from the ASA as a route-based VPN.
The tunnel was connected and I thought there would be no problem.
However, a problem was found.
Communication from the Palo Alto to the ASA works well, but communication from the ASA to the Palo Alto does not work.
I don't know why only one direction works. (inbound from ASA)
Please tell me what to look for.
The approximate config is shown below.
-------------------
crypto ikev1 policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set transform-amzn esp-aes esp-sha-hmac
crypto ipsec profile ABC
 set ikev1 transform-set transform-amzn
 set pfs group2
 set security-association lifetime seconds 3600
interface Tunnel0
 nameif ABC
 ip address 10.200.3.2 255.255.255.252
 tunnel source interface outside
 tunnel destination x.x.x.x
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile ABC
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 ikev1 pre-shared-key ********
 isakmp keepalive threshold 10 retry 10
route ABC 10.1.0.0 255.255.0.0 10.200.3.1
route ABC 10.2.0.0 255.255.0.0 10.200.3.1
access-list acl_ABC extended permit icmp any any
access-list acl_ABC extended permit ip any any
access-group acl_ABC in interface ABC
--------------------------
What else do I need?
I would appreciate it if you let me know.