Q: We configured dual site-to-site VPNs connecting to AWS using two ISPs, AT&T and Comcast. These are Active-Active load-balanced tunnels. How can I test to make sure they are working?
A: You have several options.
- Use the Palo Alto firewall command: ping source IP host IP. For example, if the AT&T local IP is 12x.x.130 and the AWS private host IP is 10.2.2.35, run this command: ping source 12x.x.130 host 10.2.2.35. If the Comcast local IP is 50.x.x.125, run this command: ping source 50.x.x.125 host 10.2.2.35
- You can disable one tunnel to test the other. Go to Network > IPSec Tunnel. Highlight one of the tunnels, for example AT&T to AWS tunnel 1.
Click Disable, then click Yes to confirm disabling the tunnel.
Commit to save the change.
Ping the AWS private IP address, 10.2.2.35. If it works, you are connecting to AWS through the other tunnel.