https://live.paloaltonetworks.com/t5/general-topics/can-the-peer-identification-be-a-local-ip-while-the-ipsec-tunnel/m-p/444953#M100413 <P>Hi,</P><P>&nbsp;</P><P>In this tunnel with a FortiGate, I see the FGT sends its peer id as a local IP and not as the IP which takes part in the tunnel ..&nbsp;</P><P>&nbsp;</P><P>So I just modified the peer identification for the local PA to match the FGT private IP peer IP and the tunnel has come up.&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AllwynMascarenhas_2-1635844200076.png" style="width: 552px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37443iE748275E410F8E15/image-dimensions/552x185/is-moderation-mode/true?v=v2" width="552" height="185" role="button" title="AllwynMascarenhas_2-1635844200076.png" alt="AllwynMascarenhas_2-1635844200076.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AllwynMascarenhas_1-1635844111916.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37442iE715360EDAC49DF4/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AllwynMascarenhas_1-1635844111916.png" alt="AllwynMascarenhas_1-1635844111916.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 02 Nov 2021 09:10:14 GMT AllwynMascarenhas 2021-11-02T09:10:14Z https://live.paloaltonetworks.com/t5/general-topics/can-the-peer-identification-be-a-local-ip-while-the-ipsec-tunnel/m-p/444953#M100413 <P>Hi,</P><P>&nbsp;</P><P>In this tunnel with a FortiGate, I see the FGT sends its peer id as a local IP and not as the IP which takes part in the tunnel ..&nbsp;</P><P>&nbsp;</P><P>So I just modified the peer identification for the local PA to match the FGT private IP peer IP and the tunnel has come up.&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AllwynMascarenhas_2-1635844200076.png" style="width: 552px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37443iE748275E410F8E15/image-dimensions/552x185/is-moderation-mode/true?v=v2" width="552" height="185" role="button" title="AllwynMascarenhas_2-1635844200076.png" alt="AllwynMascarenhas_2-1635844200076.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AllwynMascarenhas_1-1635844111916.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37442iE715360EDAC49DF4/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AllwynMascarenhas_1-1635844111916.png" alt="AllwynMascarenhas_1-1635844111916.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 02 Nov 2021 09:10:14 GMT https://live.paloaltonetworks.com/t5/general-topics/can-the-peer-identification-be-a-local-ip-while-the-ipsec-tunnel/m-p/444953#M100413 AllwynMascarenhas 2021-11-02T09:10:14Z https://live.paloaltonetworks.com/t5/general-topics/can-the-peer-identification-be-a-local-ip-while-the-ipsec-tunnel/m-p/445099#M100425 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/73984">@AllwynMascarenhas</a>,</P> <P>The Local ID and the Peer ID on a tunnel just need to match when received, it doesn't actually matter at all what they're set to. If the Fortigate is sending a private ID that's perfectly fine as long as that's what the firewall is expecting to receive.&nbsp;</P> Tue, 02 Nov 2021 23:59:21 GMT https://live.paloaltonetworks.com/t5/general-topics/can-the-peer-identification-be-a-local-ip-while-the-ipsec-tunnel/m-p/445099#M100425 BPry 2021-11-02T23:59:21Z