I am new to learning Palo Alto Firewalls. I have a couple of PA-8.0.0 virtual machine instances setup on my desktop with internet access through my home network on a Windows 10 host machine, for learning purposes. I configured site-to-site vpn and can get the tunnel up, both phase1 and phase2. The firewalls can ping eachother’s external IP addresses but their respective internal private hosts cannot ping eachother through the tunnel. The configuration seems fine and nothing in the system logs indicate any drops or disconnection. Am I missing a security policy or what else needs doing? I have security policies configured on each firewall to allow traffic out to the external untrust zone. Any assistance will be appreciated.