Palo Alto IPsec VPN Simulator

Network Topology

Firewall A (NYC): 203.0.113.10, LAN: 10.1.0.0/24
Internet (IPsec Tunnel)
Firewall B (LDN): 198.51.100.20, LAN: 10.2.0.0/24

Tunnel Status

Phase 1 (IKE): DOWN
Phase 2 (IPsec): DOWN
Reason: Not Configured

Configuration Guide

How IPsec VPN Works

Phase 1: IKE Negotiation

Internet Key Exchange (IKE) establishes a secure authenticated communication channel between peers. It negotiates parameters like Encryption (AES), Hash (SHA), and Diffie-Hellman Group to create a bidirectional security association (IKE SA).

Phase 2: IPsec Tunnel

Using the secure channel from Phase 1, IPsec negotiates the encryption and authentication for the actual data traffic. This creates two unidirectional Security Associations (IPsec SAs) for inbound and outbound traffic.

Routing & Policies

Tunnel Interface: A logical interface that handles encapsulation/decapsulation.
Static Routes: Direct traffic destined for the remote LAN (10.2.0.0/24) into the tunnel interface.
Security Policy: Explicitly allows traffic to pass between the Trust zone (LAN) and the VPN zone (Tunnel).
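
The status panel and the three routing and policy items above can be modelled as a small consistency check over both peers' settings. This is an added example, not the simulator's own code: the pre-shared key, the proposal values, the interface names (tunnel.1, ethernet1/1) and the exact-match comparison of proposals are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Firewall:
    wan_ip: str          # public address from the topology
    peer_ip: str = ""
    psk: str = ""        # pre-shared key (assumed authentication method)
    ike: tuple = ()      # Phase 1 proposal: (encryption, hash, dh_group)
    ipsec: tuple = ()    # Phase 2 proposal: (encryption, authentication)
    routes: dict = field(default_factory=dict)   # prefix -> egress interface
    policies: set = field(default_factory=set)   # allowed (from_zone, to_zone)

def tunnel_status(a, b):
    """Return (phase1, phase2, reason), checked in negotiation order."""
    if not all((a.peer_ip, b.peer_ip, a.ike, b.ike, a.ipsec, b.ipsec)):
        return ("DOWN", "DOWN", "Not Configured")
    if a.peer_ip != b.wan_ip or b.peer_ip != a.wan_ip:
        return ("DOWN", "DOWN", "Peer address mismatch")
    if a.psk != b.psk or a.ike != b.ike:
        return ("DOWN", "DOWN", "Phase 1 mismatch")
    if a.ipsec != b.ipsec:
        return ("UP", "DOWN", "Phase 2 mismatch")   # IKE SA exists, no IPsec SAs
    return ("UP", "UP", "OK")

def forwards_into_tunnel(fw, dst_ip, tunnel_if="tunnel.1"):
    """Longest-prefix route must point at the tunnel and Trust -> VPN be allowed."""
    dst = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in fw.routes.items()
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return False
    _, egress = max(hits, key=lambda h: h[0].prefixlen)
    return egress == tunnel_if and ("Trust", "VPN") in fw.policies

def sample_pair():
    """Constructed configs for the page's topology (all values illustrative)."""
    ike, esp = ("aes-256-cbc", "sha256", "group14"), ("aes-256-cbc", "sha256")
    nyc = Firewall("203.0.113.10", "198.51.100.20", "constructed-psk", ike, esp,
                   {"0.0.0.0/0": "ethernet1/1", "10.2.0.0/24": "tunnel.1"},
                   {("Trust", "VPN")})
    ldn = Firewall("198.51.100.20", "203.0.113.10", "constructed-psk", ike, esp,
                   {"0.0.0.0/0": "ethernet1/1", "10.1.0.0/24": "tunnel.1"},
                   {("Trust", "VPN")})
    return nyc, ldn

if __name__ == "__main__":
    nyc, ldn = sample_pair()
    print(tunnel_status(nyc, ldn), forwards_into_tunnel(nyc, "10.2.0.5"))
```

A Phase 2 mismatch leaves Phase 1 UP, which is why the two phases are reported separately; a tunnel that is UP still carries no LAN traffic until both the static route and the Trust-to-VPN policy are present.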