topic IPSEC GUI shows green for both phase 1 and 2 - Need to restart the ipsec to ping across the ipsec in General Topics https://live.paloaltonetworks.com/t5/general-topics/ipsec-gui-shows-green-for-both-phase-1-and-2-need-to-restart-the/m-p/259421#M73566 <P>&nbsp;</P><P>Gui shows both phase 1 and 2 up.</P><P>Can not ping lan IP at vendor end.</P><P>&nbsp;</P><P>when i ping vendor lan ip&nbsp;</P><P>&nbsp;</P><P>i see below</P><P>&nbsp;</P><P>( description contains 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 0.0.0.0/0 type IPv4_subnet protocol 0 port 0, received remote id: 192.168.46.32/28 type IPv4_subnet protocol 0 port 0.' )</P><P>&nbsp;</P><P>I need to restart the phase 2 from gui to make it work</P><P>Need to know why every time i need to retstart the phase 2 to make this work?</P><P>&nbsp;</P><P>PA has this proxy is&nbsp;</P><P>&nbsp;</P><P>Local 10.0.0.0/8</P><P>&nbsp;</P><P>Remote 192.168.46.32/28</P> Wed, 01 May 2019 15:55:24 GMT MP18 2019-05-01T15:55:24Z IPSEC GUI shows green for both phase 1 and 2 - Need to restart the ipsec to ping across the ipsec https://live.paloaltonetworks.com/t5/general-topics/ipsec-gui-shows-green-for-both-phase-1-and-2-need-to-restart-the/m-p/259421#M73566 <P>&nbsp;</P><P>Gui shows both phase 1 and 2 up.</P><P>Can not ping lan IP at vendor end.</P><P>&nbsp;</P><P>when i ping vendor lan ip&nbsp;</P><P>&nbsp;</P><P>i see below</P><P>&nbsp;</P><P>( description contains 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 0.0.0.0/0 type IPv4_subnet protocol 0 port 0, received remote id: 192.168.46.32/28 type IPv4_subnet protocol 0 port 0.' )</P><P>&nbsp;</P><P>I need to restart the phase 2 from gui to make it work</P><P>Need to know why every time i need to retstart the phase 2 to make this work?</P><P>&nbsp;</P><P>PA has this proxy is&nbsp;</P><P>&nbsp;</P><P>Local 10.0.0.0/8</P><P>&nbsp;</P><P>Remote 192.168.46.32/28</P> Wed, 01 May 2019 15:55:24 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-gui-shows-green-for-both-phase-1-and-2-need-to-restart-the/m-p/259421#M73566 MP18 2019-05-01T15:55:24Z Re: IPSEC GUI shows green for both phase 1 and 2 - Need to restart the ipsec to ping across the ipse https://live.paloaltonetworks.com/t5/general-topics/ipsec-gui-shows-green-for-both-phase-1-and-2-need-to-restart-the/m-p/259436#M73569 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a>&nbsp;</P><P>&nbsp;</P><P>Looks like the other end has configured the wrong proxy ID for your subnet. Instead of 10.0.0.0/8 they configured 0.0.0.0/0 or nothing is also possible and because of that they accept when you start the phase 2 tunnel but your firewall does not accept what the offer in the phase 2 negotiation.</P><P>&nbsp;</P> Wed, 01 May 2019 18:30:02 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-gui-shows-green-for-both-phase-1-and-2-need-to-restart-the/m-p/259436#M73569 Remo 2019-05-01T18:30:02Z Re: IPSEC GUI shows green for both phase 1 and 2 - Need to restart the ipsec to ping across the ipse https://live.paloaltonetworks.com/t5/general-topics/ipsec-gui-shows-green-for-both-phase-1-and-2-need-to-restart-the/m-p/259558#M73580 <P>You are spot on</P> Thu, 02 May 2019 01:49:08 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-gui-shows-green-for-both-phase-1-and-2-need-to-restart-the/m-p/259558#M73580 MP18 2019-05-02T01:49:08Z