I hope you all are doing well. After googling stuffs and reading blogs this is the first time i am configuring IPSec VPN on CP. But couldn't succeed. I want to establish IPSec VPN between CP and Palo Alto. I have all configs in place on PA and have same P1 & P2 algorithms setting on both FW. But my tunnel is not coming up.
On CP side: Original IP is 192.168.1.10 --> static NAT to 10.168.1.1 when it goes over tunnel to PA side.
CP eth1 IP is : 10.11.1.1
PA eth1/2 IP is :10.12.1.1
My underlay routing has no issues. Though i cannot ping from PA eth1/2 interface but i can ping from R12 e6/2 interface to CP eth1 interface. I have disabled address spoofing and allowed ping.
While pinging from PA, CP logs shows as "Clear text packet should be encrypted"
PING LOG
Could some one please help me with config i am missing here ?
BELOW URL HAS TOPOLOGY DIAGRAM:
https://imgurupload.org/files/DFB83F1F-9386-43C0-9D6E-4FCB45D7F95F.jpeg
CONFIG SNAP:
GatewayIntresting TrafficLink SelectionNATP1_P2settings(rest all option left as it is and also both FW has same secret key)Remote NAT :10.172.0.0/24
Thanks in advance