https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/309539#M80211 <P>We've already figured out the problem. We have in Azure a GW configured as active/active with 2 IPs. In our part we have 2 APs configured in active/passive but with 2 public IPs from 2 different operators.</P><P>&nbsp;</P><P>Operator 1 -tunnel - IP1 Azure<BR />Operator 2 -tunnel - IP2 Azure.</P><P>&nbsp;</P><P>It turns out that Azure tries to connect IP2 with Operator1 and IP1 with Operator2. This is the normal operation of Azure.</P><P>Because I only have a virtual routing I can not perform these tunnels.</P><P>&nbsp;</P> Wed, 05 Feb 2020 09:30:55 GMT Sistemas_SanLucar 2020-02-05T09:30:55Z https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/306126#M79548 <P>Hi,</P><P>&nbsp;</P><P>I have several Azure sites with an active-active gateway and 2 different ip.<BR />I have a Palo Alto pa-820 with 8.1.12 firmware, 2 interfaces with 2 different communication providers and different public ip.<BR />What makes a tunnel ikev2, bgp and peers.</P><P>Scheme:</P><P>pa-820-Supplier1-IP1---- IP1-AzureGW1<BR />pa-820-Supplier2-IP2----IP2-AzureGW1</P><P>&nbsp;</P><P>In Azure I have configured a vnet (x.x.0.0/16) and in this vnet I have 2 subnets (gateway x.x.255.224/27 and servers x.x.60.0/24)</P><P>&nbsp;</P><P>I create in the tunnel the corresponding proxy-id:</P><P>subnet_local1_x.x.255.224/27<BR />subnet_local2 x.x.255.224/27<BR />...<BR />subnet_local1 x.x.60.0/24<BR />subnet_local2 x.x.60.0/24<BR />...</P><P>This error appears repeatedly in the system log:</P><P>eventid:&nbsp; ike-generic-event</P><P>description:&nbsp; 'unknown ikev2 peer'</P><P>subtype:&nbsp; vpn</P><P>severity: informational</P><P>&nbsp;</P><P>If I execute command "<SPAN>tail follow yes mp-log ikemgr.log</SPAN>" its shows:</P><P>&nbsp;</P><P>020-01-09 14:13:07.113 +0100 [PWRN]: x.x.x.x[500] - z.z.z.z[500]:0x10343ab0 unknown ikev2 peer<BR />2020-01-09 14:13:08.099 +0100 [PWRN]: x.x.x.x[500] - t.t.t.t[500]:0x10345950 unknown ikev2 peer</P><P>&nbsp;</P><P>The tunnel's working. But I don't know why it indicates this error.</P><P>Can you help me?</P><P>&nbsp;</P><P>thanks</P> Thu, 09 Jan 2020 13:27:50 GMT https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/306126#M79548 Sistemas_SanLucar 2020-01-09T13:27:50Z https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/306140#M79550 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="photo2.png" style="width: 594px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23383iF1471195F0289461/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="photo2.png" alt="photo2.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="photo3.png" style="width: 318px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23380i9FEFD61069B4A7B7/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="photo3.png" alt="photo3.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="photo4.png" style="width: 647px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23382i97FA2238F253FDE4/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="photo4.png" alt="photo4.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="photo5.png" style="width: 616px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23381i4E19934415282607/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="photo5.png" alt="photo5.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="photo6.png" style="width: 282px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23384i147895470C506AB9/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="photo6.png" alt="photo6.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="photo7.png" style="width: 589px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23385iC4077E8F14B3CAFD/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="photo7.png" alt="photo7.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="photo8.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23386i934CBC53A76EFE89/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="photo8.png" alt="photo8.png" /></span></P> Thu, 09 Jan 2020 13:39:38 GMT https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/306140#M79550 Sistemas_SanLucar 2020-01-09T13:39:38Z https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/306570#M79635 <P>i have the same issue here where IKE is connected but IPSEC is not when connecting to Azure. received a lot of error with " unknwon ikev2 peer"&nbsp;</P> Tue, 14 Jan 2020 01:58:24 GMT https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/306570#M79635 Herwan 2020-01-14T01:58:24Z https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/309539#M80211 <P>We've already figured out the problem. We have in Azure a GW configured as active/active with 2 IPs. In our part we have 2 APs configured in active/passive but with 2 public IPs from 2 different operators.</P><P>&nbsp;</P><P>Operator 1 -tunnel - IP1 Azure<BR />Operator 2 -tunnel - IP2 Azure.</P><P>&nbsp;</P><P>It turns out that Azure tries to connect IP2 with Operator1 and IP1 with Operator2. This is the normal operation of Azure.</P><P>Because I only have a virtual routing I can not perform these tunnels.</P><P>&nbsp;</P> Wed, 05 Feb 2020 09:30:55 GMT https://live.paloaltonetworks.com/t5/general-topics/unknown-ikev2-peer-azure/m-p/309539#M80211 Sistemas_SanLucar 2020-02-05T09:30:55Z