https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-phase2-red-but-ike-side-green/m-p/481660#M104191 <P>Hi,</P><P>&nbsp;</P><P>I have several TpLink Archer Mr400 4G Router. I setup Ipsec VPN tunnel between PA-220 and them many times. But new one is not success at Phase2.</P><P>&nbsp;</P><P>Phase1 IKE is green so devices communicate. But Phase2 Tunnel Info is red and i can't see any tunnel when i click Tunnel Info. I have read the losg and find below things;</P><P>&nbsp;</P><P>2022-04-19 16:50:25.878 +0300 [PNTF]: { 15: }: ====&gt; PHASE-2 NEGOTIATION STARTED AS RESPONDER, (QUICK MODE) &lt;====<BR />====&gt; Initiated SA: <STRONG>PaloAlto_Wan_Ip_here</STRONG>[500]-<U><STRONG>router_wan_ip_here</STRONG></U>[500] message id:0xBE906F60 &lt;====<BR />2022-04-19 16:50:25.879 +0300 [ERR ]: { 15: }: can't find matching selector<BR />2022-04-19 16:50:25.879 +0300 [PERR]: { 15: }: failed to get sainfo.<BR />2022-04-19 16:50:25.879 +0300 [ERR ]: failed to pre-process packet.</P><P>&nbsp;</P><P>I double check both side PA220 and Tplink phase2 configuration and everyting is same.</P><P>&nbsp;</P><P><STRONG>TPlink Archer MR400 Phase2 Profile;</STRONG></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Tplink_ArcherMr400_phase2.PNG" style="width: 717px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40240iBBC69B0A895CE8E4/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Tplink_ArcherMr400_phase2.PNG" alt="Tplink_ArcherMr400_phase2.PNG" /></span></P><P>&nbsp;</P><P><STRONG>PA220 IpSec Crypto Profile;</STRONG></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PA_Phase2_ipsecCrypto.PNG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40241i9318D19CE47F435E/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA_Phase2_ipsecCrypto.PNG" alt="PA_Phase2_ipsecCrypto.PNG" /></span></P><P>&nbsp;</P><P><STRONG>IpSec Tunnel Status;</STRONG></P><P>&nbsp;</P><P><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PA_Phase2.PNG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40242i265FBACB1D5C6361/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA_Phase2.PNG" alt="PA_Phase2.PNG" /></span></STRONG></P><P>&nbsp;</P><P>I am stuck at this point. Any help appreciated.</P><P>Thanks.</P><P>&nbsp;</P> Thu, 21 Apr 2022 19:58:57 GMT tsenturk 2022-04-21T19:58:57Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-phase2-red-but-ike-side-green/m-p/481660#M104191 <P>Hi,</P><P>&nbsp;</P><P>I have several TpLink Archer Mr400 4G Router. I setup Ipsec VPN tunnel between PA-220 and them many times. But new one is not success at Phase2.</P><P>&nbsp;</P><P>Phase1 IKE is green so devices communicate. But Phase2 Tunnel Info is red and i can't see any tunnel when i click Tunnel Info. I have read the losg and find below things;</P><P>&nbsp;</P><P>2022-04-19 16:50:25.878 +0300 [PNTF]: { 15: }: ====&gt; PHASE-2 NEGOTIATION STARTED AS RESPONDER, (QUICK MODE) &lt;====<BR />====&gt; Initiated SA: <STRONG>PaloAlto_Wan_Ip_here</STRONG>[500]-<U><STRONG>router_wan_ip_here</STRONG></U>[500] message id:0xBE906F60 &lt;====<BR />2022-04-19 16:50:25.879 +0300 [ERR ]: { 15: }: can't find matching selector<BR />2022-04-19 16:50:25.879 +0300 [PERR]: { 15: }: failed to get sainfo.<BR />2022-04-19 16:50:25.879 +0300 [ERR ]: failed to pre-process packet.</P><P>&nbsp;</P><P>I double check both side PA220 and Tplink phase2 configuration and everyting is same.</P><P>&nbsp;</P><P><STRONG>TPlink Archer MR400 Phase2 Profile;</STRONG></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Tplink_ArcherMr400_phase2.PNG" style="width: 717px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40240iBBC69B0A895CE8E4/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Tplink_ArcherMr400_phase2.PNG" alt="Tplink_ArcherMr400_phase2.PNG" /></span></P><P>&nbsp;</P><P><STRONG>PA220 IpSec Crypto Profile;</STRONG></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PA_Phase2_ipsecCrypto.PNG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40241i9318D19CE47F435E/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA_Phase2_ipsecCrypto.PNG" alt="PA_Phase2_ipsecCrypto.PNG" /></span></P><P>&nbsp;</P><P><STRONG>IpSec Tunnel Status;</STRONG></P><P>&nbsp;</P><P><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PA_Phase2.PNG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40242i265FBACB1D5C6361/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA_Phase2.PNG" alt="PA_Phase2.PNG" /></span></STRONG></P><P>&nbsp;</P><P>I am stuck at this point. Any help appreciated.</P><P>Thanks.</P><P>&nbsp;</P> Thu, 21 Apr 2022 19:58:57 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-phase2-red-but-ike-side-green/m-p/481660#M104191 tsenturk 2022-04-21T19:58:57Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-phase2-red-but-ike-side-green/m-p/481833#M104210 <P>Problem resolved.</P><P>&nbsp;</P><P>TPLink router side "Ip Address of VPN" should be 192.168.1.0/24 instead 192.168.1.1/24</P> Fri, 22 Apr 2022 06:14:20 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-tunnel-phase2-red-but-ike-side-green/m-p/481833#M104210 tsenturk 2022-04-22T06:14:20Z