IPsec tunnel with CATO appliance

Hello folks,

Has anyone here set up an IPsec tunnel between a PA firewall and a CATO SDWAN appliance?

The tunnel came up right away, both phases, traffic is allowed in policy rules and I am seeing it in the monitor tab going to the CATO appliance, CATO shows traffic allowed as well, but for some reason, unable to actually reach one site from another.

Palo does not see the traffic back and same thing for the CATO appliance, it does not see the traffic back, weird to say the least…

Any possible ideas here?

IKEv2? Proxy-id set?

You need to troubleshoot and learn how to do it.

There are several good posts about troubleshooting a site-to-site VPN tunnel. Most of the troubleshooting will involve the CLI to get any good information as the GUI system logs are lacking, a lot.

Verify the network routes are in place on both devices and in the networks behind both.

IKEv2, yes.
We tried with and without proxy IDs, same thing, unable to reach the other side.