Palo Alto Networks Configuration
- Create a IKE Crypto Profile. Select DH Group 5, sha1 authentication, and aes-256-cbc encryption.
- Create an IKE Gateway. Enter the Local IP Address of the Palo Alto Networks firewall and Peer IP Address of the Ecessa device you will be connecting to. In the Advanced Options select the previously created IKE Crypto Profile and enable NAT Traversal if necessary.
- Create a IPSec Crypto Profile. Select DH Group 5, sha1 authentication, and aes-256-cbc encryption
- Create an IPSec Tunnel. Select the previously created IKE Gateway and IPSec Crypto Profile.
- Create an IPSec Site to Site VPN and fill in the local and remote endpoint IPs and the local and remote LAN Networks. To route all traffic through the VPN enter the remote LAN network as 0.0.0.0/0.
- Enable Dead Peer Restart
- On the Advanced tab of the VPN configuration enable PFS