Palo Alto Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).
Step 1: Configure IKE Gateway or Phase 1 Parameters
Go to Network Profiles > IKE Gateways and configure the parameters as shown below.
Local IP Address
Peer IP Address
Confirm Pre-shared Key
IKE Crypto Profile
Step 3: Define Monitor Profile
Step 4: Configure IPSec VPN Tunnel
Go to IPSec Tunnels and create an IPSec Tunnel as shown below.
(created in step 1)
IPSec Crypto Profile
(created in step 2)
Enable Replay Protection
(created in step 3)
Click OK to create tunnel
Step 5: Add Proxy ID
After configuring the VPN connection on Palo Alto, configure the IPSec connection in Cyberoam by following the steps given below. Perform the configuration from the Cyberoam Web Admin Console using a profile with read-write administrative rights over the relevant features.
Step 1: Create VPN Policy
Go to VPN > Policy > Policy and click Add to add a new policy as per parameters given below.
Specify a name to identify the VPN Policy.
Enable Re-Keying to start the negotiation process automatically before key expiry.
Key Negotiation Tries
Specify maximum key negotiation trials allowed. Set 0 for unlimited number of trials.
Select Authentication Mode. Authentication Mode is used for exchanging authentication information.
- Main Mode
- Aggressive Mode
Pass Data in Compressed Format
Enable to pass data in compressed format to increase throughput.
Select encryption algorithm that would be used by communicating parties for integrity of exchanged data for phase 1.
Select Authentication Algorithm that would be used by communicating parties for integrity of exchanged data for phase 1.
DH Group (Key Group)
Select one Diffie-Hellman Group from 1, 2, 5, 14, 15 or 16. DH Group specifies the key length used for encryption.
Specify Key Life in terms of seconds. Key Life is the amount of time that will be allowed to pass before the key expires.
Specify Re-Key Margin. Re-Key Margin is the time when the negotiation process should be started automatically without interrupting the communication before the key expiry.
Randomize Re-Keying Margin By
Specify Randomize Re-Keying time.
Dead Peer Detection
Enable to check at regular intervals whether the peer is live or not.
Select Encryption Algorithm that would be used by communicating parties for integrity of exchanged data for phase 2.
Select Authentication Algorithm that would be used by communicating parties for integrity of exchanged data for phase 2.
PFS Group (DH Group)
Same as Phase-1
Select one Diffie-Hellman group from 1, 2, 5, 14, 15 or 16. DH Group specifies the key length used for encryption.
Click OK to save policy.
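Added example (not part of the original article or of either vendor's tooling): a Python pre-deployment check that the Phase 1 and Phase 2 settings entered on the Palo Alto and Cyberoam sides agree. It also flags DH groups below 2048 bits, Aggressive Mode, and a Re-Key Margin that is not shorter than Key Life. The field names and all sample values are constructed for illustration.

```python
# Added example; field names and every value below are constructed.
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}  # DH group -> modulus bits
MUST_MATCH = ("mode", "encryption", "authentication", "dh_group")


def audit_phase(phase, palo_alto, cyberoam):
    """Return findings for one phase (1 or 2) of the tunnel."""
    findings = []
    for field in MUST_MATCH:
        if field not in palo_alto and field not in cyberoam:
            continue  # e.g. "mode" only exists in phase 1
        a, b = palo_alto.get(field), cyberoam.get(field)
        if a != b:
            findings.append(f"phase {phase}: {field} mismatch ({a!r} vs {b!r})")
    for side, cfg in (("Palo Alto", palo_alto), ("Cyberoam", cyberoam)):
        group = cfg.get("dh_group")
        if group in MODP_BITS and MODP_BITS[group] < 2048:
            findings.append(
                f"phase {phase}: {side} DH group {group} is only {MODP_BITS[group]}-bit")
        if cfg.get("mode") == "aggressive":
            findings.append(f"phase {phase}: {side} uses Aggressive Mode with a pre-shared key")
        margin, life = cfg.get("rekey_margin"), cfg.get("key_life")
        if margin is not None and life is not None and margin >= life:
            findings.append(
                f"phase {phase}: {side} re-key margin {margin}s is not below key life {life}s")
    return findings


def audit_tunnel(palo_alto, cyberoam):
    """Audit both phases; each argument maps phase number -> settings dict."""
    return [f for phase in (1, 2) for f in audit_phase(phase, palo_alto[phase], cyberoam[phase])]


# Constructed sample proposals for the two peers.
PA = {1: {"mode": "main", "encryption": "aes256", "authentication": "sha1",
          "dh_group": 2, "key_life": 28800},
      2: {"encryption": "aes256", "authentication": "sha1",
          "dh_group": 2, "key_life": 3600}}
CR = {1: {"mode": "main", "encryption": "aes256", "authentication": "sha1",
          "dh_group": 5, "key_life": 28800, "rekey_margin": 120},
      2: {"encryption": "aes256", "authentication": "sha1",
          "dh_group": 2, "key_life": 3600, "rekey_margin": 3600}}

if __name__ == "__main__":
    for line in audit_tunnel(PA, CR):
        print(line)
```

An empty result means the two proposals agree and none of the three conditions was hit; any finding should be resolved on both devices before the connection is activated.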
Step 2: Configure IPSec Connection
Go to VPN > IPSec > Connection and click Add to create a new connection using parameters given below.
Name to identify the IPSec Connection
Site to Site
Select Type of connection.
- Remote Access
- Site to Site
- Host to Host
CR_PA (created in step 1)
Select policy to be used for connection
Action on VPN Restart
Select the action for the connection.
- Respond Only
Select Authentication Type. Authentication of user depends on the connection type.
<As configured in PA created above >
Specify the Preshared Key to be used.
Select local port which acts as end-point to the tunnel
Select remote port which acts as end-point to the tunnel
Local Network Details
Select Local LAN Address. Add and Remove LAN Address using Add Button and Remove Button
Remote Network Details
Select IP addresses and netmask assigned to Azure Virtual Network.
Click OK to create the connection.
Step 3: Activate IPSec Connection
Under the Active status indicates that the connection is successfully activated.
Under the Connection status indicates that the connection is successfully established.
Step 4: Create LAN-VPN Firewall Rules
Create appropriate LAN to VPN and VPN to LAN firewall rules to allow traffic over the VPN tunnel.
Document Version: 1.0 – 16 July, 2015