VPN passthrough Palo Alto
R2: 1. Create keyring crypto ikev2 keyring MYKEYS peer R3 address 203.0.113.1 pre-shared-key Cisco123 2. Create ikev2 profile crypto ikev2 profile IKEV2-PROFILE match identity remote address 203.0.113.1 255.255.255.255 identity local address 203.0.113.3 << without this, peer receives identity 192.168.1.10 authentication remote pre-share authentication local pre-share keyring local MYKEYS 3. Create IPSec profile crypto ipsec profile IPSEC-PROFILE set ikev2-profile IKEV2-PROFILE 4. Create tunnel interface interface Tunnel1 ip address 172.16.11.1 255.255.255.252 tunnel source Ethernet0/0 tunnel mode ipsec ipv4 tunnel destination 203.0.113.1 tunnel protection ipsec profile IPSEC-PROFILE R3: 1. Create keyring crypto ikev2 keyring MYKEYS peer R2 address 203.0.113.3 pre-shared-key Cisco123 2. Create ikev2 profile crypto ikev2 profile IKEV2-PROFILE match identity remote address 203.0.113.3 255.255.255.255 authentication remote pre-share authentication local