Initial Error:
The VPN tunnel was failing in IKE Phase 1 between a Cisco vASA and a Palo Alto firewall with the error below.
Initially, the IKE gateway was configured with the peer IP address set to the tunnel endpoint's public IP address.
Solution:
The tunnel came up after modifying the IKE Gateway settings on the Palo Alto firewall as follows:
Local Identification - Actual tunnel endpoint - Public IP address
Peer Identification - Private IP address that the vASA uses to negotiate and establish the tunnel
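Why the Peer Identification has to be the private address, shown as an added example (not from the original post and not Palo Alto or Cisco code): it parses the body of an IKEv1 Identification payload of type ID_IPV4_ADDR and compares it with the configured peer ID. The addresses, the function names and the assumption that the vASA sits behind NAT and sends its private interface address as its IKE identity are all illustrative.

```python
import ipaddress
import struct

ID_IPV4_ADDR = 1  # ID type value from the IPsec DOI (RFC 2407)

def build_id_body(ip, protocol=17, port=500):
    """Body of an IKEv1 Identification payload: type, protocol, port, address."""
    header = struct.pack("!BBH", ID_IPV4_ADDR, protocol, port)
    return header + ipaddress.IPv4Address(ip).packed

def parse_id_body(body):
    """Return the IPv4 address carried in an ID_IPV4_ADDR payload body."""
    if len(body) < 4:
        raise ValueError("ID payload body shorter than its 4-byte header")
    id_type, _protocol, _port = struct.unpack("!BBH", body[:4])
    if id_type != ID_IPV4_ADDR:
        raise ValueError(f"unsupported ID type {id_type}")
    if len(body) != 8:
        raise ValueError("ID_IPV4_ADDR must carry exactly 4 address bytes")
    return ipaddress.IPv4Address(body[4:])

def check_peer_identity(packet_src, id_body, configured_peer_id):
    """Compare the identity the peer sent with the configured Peer Identification."""
    received = parse_id_body(id_body)
    if received == ipaddress.IPv4Address(configured_peer_id):
        return True, f"peer ID {received} matches configuration"
    hint = ""
    if received != ipaddress.IPv4Address(packet_src):
        # The identity differs from the address the packet arrived from,
        # which is what a peer behind NAT looks like to the other side.
        hint = f"; packet source is {packet_src}, peer identifies as {received}"
    return False, f"peer ID {received} != configured {configured_peer_id}{hint}"

# Constructed sample values (assumptions, not taken from the post).
PUBLIC_IP = "203.0.113.10"   # address the IKE packets arrive from
PRIVATE_IP = "10.0.0.5"      # address the peer places in its ID payload
ID_BODY = build_id_body(PRIVATE_IP)

if __name__ == "__main__":
    print(check_peer_identity(PUBLIC_IP, ID_BODY, PUBLIC_IP))   # initial setting
    print(check_peer_identity(PUBLIC_IP, ID_BODY, PRIVATE_IP))  # corrected setting
```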
Troubleshooting commands on the Palo Alto firewall:
show vpn flow name <Tunnel name>
less mp-log ikemgr.log
GUI:
Monitor - System