https://live.paloaltonetworks.com/t5/general-topics/errors-in-s2s-vpn-configuration/m-p/587067#M117141 <P>Hello, I am configuring a site to site VPN between a Palo Alto Firewall and un Firewall Fortinet, but despite several attempts we are not able to get it to go up either in phase 1 or in phase two in the logs of Palo Alto you can see:</P> <P>&nbsp;</P> <P>2024-05-16 23:47:12.205 +0000 [INFO]: { 3: }: received IKE request x.x.x.x[500] to x.x.x.x[500], found IKE gateway VPN-XXX<BR />2024-05-16 23:47:12.205 +0000 [PNTF]: { 3: }: ====&gt; IKEv2 IKE SA NEGOTIATION STARTED AS RESPONDER, non-rekey; gateway VPN-XXX &lt;====<BR />====&gt; Initiated SA: X.X.X.X[500]-X.X.X.X[500] SPI:54bb55b0e9b865aa:5e93ae9ae2b86aef SN:122885 &lt;====</P> <P>2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_SOURC<BR />2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_DESTI<BR />2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (16430)</P> <P>Any recommendations of what may be happening ?</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 17 May 2024 00:27:55 GMT M.Ochoa 2024-05-17T00:27:55Z https://live.paloaltonetworks.com/t5/general-topics/errors-in-s2s-vpn-configuration/m-p/587067#M117141 <P>Hello, I am configuring a site to site VPN between a Palo Alto Firewall and un Firewall Fortinet, but despite several attempts we are not able to get it to go up either in phase 1 or in phase two in the logs of Palo Alto you can see:</P> <P>&nbsp;</P> <P>2024-05-16 23:47:12.205 +0000 [INFO]: { 3: }: received IKE request x.x.x.x[500] to x.x.x.x[500], found IKE gateway VPN-XXX<BR />2024-05-16 23:47:12.205 +0000 [PNTF]: { 3: }: ====&gt; IKEv2 IKE SA NEGOTIATION STARTED AS RESPONDER, non-rekey; gateway VPN-XXX &lt;====<BR />====&gt; Initiated SA: X.X.X.X[500]-X.X.X.X[500] SPI:54bb55b0e9b865aa:5e93ae9ae2b86aef SN:122885 &lt;====</P> <P>2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_SOURC<BR />2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_DESTI<BR />2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (16430)</P> <P>Any recommendations of what may be happening ?</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 17 May 2024 00:27:55 GMT https://live.paloaltonetworks.com/t5/general-topics/errors-in-s2s-vpn-configuration/m-p/587067#M117141 M.Ochoa 2024-05-17T00:27:55Z https://live.paloaltonetworks.com/t5/general-topics/errors-in-s2s-vpn-configuration/m-p/587135#M117149 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1165058187">@M.Ochoa</a> ,</P> <P>&nbsp;</P> <P>Looks very similar to what's happening here:</P> <P><A href="https://live.paloaltonetworks.com/t5/general-topics/ike-v2-asa-vs-pa/td-p/230814" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/ike-v2-asa-vs-pa/td-p/230814</A></P> <P>&nbsp;</P> <P>A good place to start is to make sure the IKE and IPSec parameters match on both ends.&nbsp; This might be as simple as a mismatching PSK.</P> <P>&nbsp;</P> <P>If you can't find what's wrong then I'd suggest to crank up the debug log level to get more verbose logging and get more details:</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC" target="_blank" rel="noopener">How to Troubleshoot IPSec VPN connectivity issues</A>&nbsp;</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> <P>&nbsp;</P> Fri, 17 May 2024 14:23:55 GMT https://live.paloaltonetworks.com/t5/general-topics/errors-in-s2s-vpn-configuration/m-p/587135#M117149 kiwi 2024-05-17T14:23:55Z