IPSec VPN Configuration
by _><-
2016. 6. 11.
Configure the zone > Create a Group > Configure Addresses inside the Group
To set up site-to-site VPN:
1. Make sure that your Ethernet interfaces, virtual routers, and zones are configured properly. For more information, see Set Up Interfaces and Zones.
2. Create your tunnel interfaces. Ideally, put the tunnel interfaces in a separate zone, so that tunneled traffic can use different policies.
3. Set up static routes or assign routing protocols to redirect traffic to the VPN tunnels. To support dynamic routing (OSPF, BGP, RIP are supported), you must assign an IP address to the tunnel interface.
4. Define IKE gateways for establishing communication between the peers across each end of the VPN tunnel; also define the cryptographic profile that specifies the protocols and algorithms for identification, authentication, and encryption to be used for setting up VPN tunnels in IKEv1 Phase 1. See Set up an IKE Gateway and Define IKE Crypto Profiles.
5. Configure the parameters that are needed to establish the IPSec connection for transfer of data across the VPN tunnel; see Set up an IPSec Tunnel. For IKEv1 Phase-2, see Define IPSec Crypto Profiles.
6. (Optional) Specify how the firewall will monitor the IPSec tunnels. See Set up Tunnel Monitoring.
7. Define security policies to filter and inspect the traffic.
Reference: https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/vpns/set-up-site-to-site-vpn
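The steps above depend on each other (a tunnel needs a gateway, a gateway needs a crypto profile, dynamic routing needs a tunnel IP), so a plan can be checked for consistency before anything is typed into the firewall. The following is an added example, not code from the original post or from Palo Alto Networks; the plan schema, key names and sample values are all assumptions made for illustration.

```python
# Added example: this plan schema and all names in it are assumptions for
# illustration; it is not PAN-OS configuration syntax.
DYNAMIC = {"ospf", "bgp", "rip"}  # routing protocols named in the procedure

def audit_vpn_plan(plan):
    """Return findings; an empty list means the plan is internally consistent."""
    findings = []
    eth_zones = {i["zone"] for i in plan["ethernet_interfaces"]}
    policy_zones = {z for p in plan["security_policies"]
                    for z in (p["from_zone"], p["to_zone"])}
    for name, t in plan["tunnel_interfaces"].items():
        if t["zone"] in eth_zones:  # tunneled traffic cannot get its own policies
            findings.append(f"{name}: shares zone '{t['zone']}' with an Ethernet interface")
        if not t.get("static_routes") and not t.get("routing_protocol"):
            findings.append(f"{name}: no static route or routing protocol")
        # Dynamic routing requires an IP address on the tunnel interface.
        if t.get("routing_protocol") in DYNAMIC and not t.get("ip"):
            findings.append(f"{name}: {t['routing_protocol']} needs a tunnel IP address")
        if t["zone"] not in policy_zones:  # nothing filters or inspects this traffic
            findings.append(f"{name}: no security policy references zone '{t['zone']}'")
    for name, gw in plan["ike_gateways"].items():
        if gw["ike_crypto_profile"] not in plan["ike_crypto_profiles"]:
            findings.append(f"{name}: undefined ike_crypto_profile '{gw['ike_crypto_profile']}'")
    for name, tun in plan["ipsec_tunnels"].items():
        # Each tunnel must resolve to a gateway, a Phase 2 profile and an interface.
        for key, table in (("ike_gateway", "ike_gateways"),
                           ("ipsec_crypto_profile", "ipsec_crypto_profiles"),
                           ("tunnel_interface", "tunnel_interfaces")):
            if tun[key] not in plan[table]:
                findings.append(f"{name}: undefined {key} '{tun[key]}'")
    return findings

# Constructed sample plan with three deliberate mistakes.
SAMPLE_PLAN = {
    "ethernet_interfaces": [{"name": "ethernet1/1", "zone": "untrust"},
                            {"name": "ethernet1/2", "zone": "trust"}],
    "tunnel_interfaces": {"tunnel.1": {"zone": "trust", "routing_protocol": "ospf"}},
    "ike_crypto_profiles": {"ike-p1": {}},
    "ipsec_crypto_profiles": {"ipsec-p2": {}},
    "ike_gateways": {"gw-branch": {"ike_crypto_profile": "ike-p1"}},
    "ipsec_tunnels": {"to-branch": {"ike_gateway": "gw-branch",
                                    "ipsec_crypto_profile": "ipsec-p2-typo",
                                    "tunnel_interface": "tunnel.1"}},
    "security_policies": [{"from_zone": "trust", "to_zone": "untrust"}],
}

if __name__ == "__main__":
    print("\n".join(audit_vpn_plan(SAMPLE_PLAN)))
```

The sample plan puts the tunnel in the same zone as an Ethernet interface, runs OSPF without a tunnel IP, and references a mistyped IPSec crypto profile, so the audit reports exactly those three findings.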