
Summary:

Palo Alto:

1. Tunnel Interface

2. IKE, IPSEC, IKE Gateway, and IPSEC Tunnels

3. Static Route

4. Security Policy

ASA:

5. Configuration

Details:

1. Tunnel Interface

2. IKE, IPSEC, IKE Gateway, and IPSEC Tunnels

2.1 IKE Profile

2.2 IPSEC Profile

2.3 IKE Gateway

2.4 IPSEC Tunnel

3. Static Route

4. Security Policies

4.1 Traffic between two gateways

4.2 Actual traffic (already in place for GlobalProtect)

5. ASA Config

Right click R1 > Console:

==========================

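! Enter global configuration mode
conf t

hostname ASA

! Physical interface used as the tunnel source (10.1.1.200)
interface FastEthernet0/0
 no shutdown
 ip address 10.1.1.200 255.255.255.0
 exit

! Loopback interface on 172.16.4.0/24
interface Loopback0
 ip address 172.16.4.200 255.255.255.0
 exit

! HTTP management with local authentication and a privilege 15 user
ip http server
ip http authentication local
username admin privilege 15 secret abc123

! IKE phase 1 policy: AES-256, SHA-1, pre-shared key, DH group 2, 86400 s lifetime
crypto isakmp policy 1
 encr aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
 exit

! Pre-shared key for the peer 10.1.1.100
crypto isakmp key a785sd$#!ADA6 address 10.1.1.100

! IPsec transform set: ESP with AES-192 and SHA-1 HMAC, tunnel mode
crypto ipsec transform-set AES192SHA1 esp-aes 192 esp-sha-hmac
 mode tunnel
 exit

! IPsec profile that the tunnel interface references
crypto ipsec profile IPsec-Profile-Palo
 set transform-set AES192SHA1
 set security-association lifetime seconds 86400
 exit

! Tunnel interface to 10.1.1.100, protected by the IPsec profile
interface tunnel 6
 ip address 172.16.6.200 255.255.255.0
 tunnel source 10.1.1.200
 tunnel destination 10.1.1.100
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPsec-Profile-Palo
 exit

! Route 172.16.2.0/24 to next hop 172.16.6.100 on the tunnel subnet
ip route 172.16.2.0 255.255.255.0 172.16.6.100
end

! Save the running configuration
wr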

===========================================================
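The configuration above only works if its cross-references line up, and if the route to the remote network really goes through the tunnel (otherwise that traffic is not protected by IPsec). The following is an added example, not part of the original page, that checks those references; the helper names `sections` and `check_vti` are hypothetical, the sample is constructed from the lines above with the pre-shared key replaced by a placeholder, and the remote network 172.16.2.0/24 is taken from the static route.

```python
import ipaddress
import re

# Constructed sample: cross-referenced lines from the config above (PSK is a placeholder).
SAMPLE = """\
crypto isakmp key PSK-PLACEHOLDER address 10.1.1.100
crypto ipsec transform-set AES192SHA1 esp-aes 192 esp-sha-hmac
crypto ipsec profile IPsec-Profile-Palo
 set transform-set AES192SHA1
interface tunnel 6
 ip address 172.16.6.200 255.255.255.0
 tunnel source 10.1.1.200
 tunnel destination 10.1.1.100
 tunnel protection ipsec profile IPsec-Profile-Palo
ip route 172.16.2.0 255.255.255.0 172.16.6.100
"""


def sections(config):
    """Map each top-level line to its indented child lines."""
    out = {}
    for m in re.finditer(r"^(\S.*)\n?((?:[ \t]+\S.*\n?)*)", config, re.M):
        out[m.group(1).strip()] = [c.strip() for c in m.group(2).splitlines()]
    return out


def check_vti(config, remote_net):
    """Return a list of broken cross-references (hypothetical helper)."""
    sec, issues, nets = sections(config), [], []
    peers = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    tsets = {s.split()[3] for s in sec if s.startswith("crypto ipsec transform-set ")}
    profiles = {s.split()[3] for s in sec if s.startswith("crypto ipsec profile ")}
    for s, kids in sec.items():
        is_tun = s.lower().startswith("interface tunnel")
        for w in map(str.split, kids):
            if w[:2] == ["set", "transform-set"] and w[2] not in tsets:
                issues.append(f"{s}: transform-set {w[2]} undefined")
            elif w[:2] == ["tunnel", "destination"] and w[2] not in peers:
                issues.append(f"{s}: no pre-shared key for peer {w[2]}")
            elif w[:2] == ["tunnel", "protection"] and w[-1] not in profiles:
                issues.append(f"{s}: IPsec profile {w[-1]} undefined")
            elif is_tun and w[:2] == ["ip", "address"] and len(w) == 4:
                nets.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
    # The protected prefix must be routed to a next hop inside a tunnel subnet.
    target = ipaddress.ip_network(remote_net)
    routes = [w for w in map(str.split, sec) if w[:2] == ["ip", "route"] and len(w) == 5]
    hops = [ipaddress.ip_address(w[4]) for w in routes
            if ipaddress.ip_network(f"{w[2]}/{w[3]}") == target]
    if not any(h in n for h in hops for n in nets):
        issues.append(f"no route to {target} through a tunnel subnet")
    return issues
```

Calling `check_vti(SAMPLE, "172.16.2.0/24")` returns an empty list for the configuration as written; a mistyped peer address, profile name, transform-set name or next hop each produces one entry.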

Test
