topic Re: Simple IPsec tunnel interfaces not passing MAC address in General Topics

Simple IPsec tunnel interfaces not passing MAC address

danoman2 — Mon, 12 Jun 2023 19:08:54 GMT

Good afternoon,

I've got a simple site to site IPsec tunnel in non production that I'm having a problem with. Currently I have the mgmt interface up. I also have my trust/untrust interfaces connected to a Cisco switch on the appropriate VLAN's for the subs I have programed on my PA-440. For some odd reason, I cannot see the MAC addresses of the interfaces of the Trust/Untrust int's on my cisco switch.

What should I be looking at to clear this up? What would you like to see? Switch interface settings, Firewall interface settings?

Just looking for a place to start looking.

Thanks,

Dan

Re: Simple IPsec tunnel interfaces not passing MAC address

danoman2 — Mon, 12 Jun 2023 21:45:43 GMT

I've got a ticket open with support. Hopefully I'll get an answer.

Re: Simple IPsec tunnel interfaces not passing MAC address

BPry — Tue, 13 Jun 2023 14:15:17 GMT

@danoman2,

Slightly confused on what your question is. You mention an IPSec tunnel and issues with that, but your question seems to center around the MAC address of your firewall's interfaces not presenting on your switch properly. I'm going to go with the MAC address question since that appears to be what you're asking, and that your trust/untrust interfaces are physical interfaces on the device in question.

In the event that this isn't correct or otherwise isn't the entirety of your question, you might want to expand on things a bit more. Seems like you started with one question/problem, but we quickly got sidetracked to a completely different issue from how I'm interpreting what I read.

This can happen on the switch if you simply haven't attempted to reach the interface address. Log into your switch and just ping the interface address (this may fail depending on your interface management profile, don't worry about that) and then look at your table again.

Re: Simple IPsec tunnel interfaces not passing MAC address

danoman2 — Tue, 13 Jun 2023 16:00:54 GMT

Sorry about the confusion. I see the MAC's now after ping from my L2 switch. Now on to my tunnel issue. I'm getting the following error on the system monitor. [ike-gw:4] unauthenticated NO_PROPOSAL_CHOSEN received, you may need to check IKE settings.

I'll be checking those settings next.

Re: Simple IPsec tunnel interfaces not passing MAC address

danoman2 — Tue, 13 Jun 2023 16:24:35 GMT

Also getting

retransmission count exceeded the limit

"Deleting a possible stale IKEv2 child SA SPI:xxxxxxxxxxxxxxxxxxx