Hello all,
I am running into an issue with route access beyond an IPSec tunnel that I am hoping you can point me in the right direction on. The tunnel is established and working; it runs from my office Palo Alto firewall and terminates on a CCR1009 that is located inside a datacenter. I can access the Mgmt LAN that connects to the CCR1109 from the office, but I cannot access other subnets beyond the CCR1009. Those subnets can be reached from the CCR1009.
--Config Layout--
Office Palo Alto firewall - Datacenter CCR1009
CCR1009 connects to a CCR1072 (DC Edge) via a public /29
CCR1072 connects to a Juniper QFX5100 (Core)
QFX5100 connects to remote CCR1036 via P2P fiber
* PA LAN 192.168.99.0/24 can access the CCR1009 LAN 10.10.100.0/24
* CCR1009 can access the remote CCR1036 172.20.103.0/30
* PA cannot access the 172.20.103.0/30
I have updated the filter rules and src-nat with the 172.20.103.0/24 subnet with no luck.
I attached a quick diagram that illustrates the design a little better.
Thanks in advance,
-AT