Cradlepoint local LAN IP address won't respond through VPN tunnel

Problem:

I created a Cradlepoint VTI IPSEC VPN tunnel to a Palo Alto 5220 (ver 9.1). It worked great, but I was a little annoyed that the local LAN IP of the cradlepoint router could not be pinged from primary site.

Solution:

In the Cradlepoint security > zone firewall > zone forwarding.  Add two rules: VPN > Router, and Router > VPN. Then ping will work.

*If you have not done so before this, you will have to define a VPN zone for that to work

Did my website help you out?  If so make a Donation