( description contains 'IKE phase-1 negotiation is failed. Peer\'s ID payload 10.175.150.0 (type ipaddr) does not match a configured IKE gateway.' )
and ( description contains 'IKE phase-1 negotiation is failed as responder, main mode. Failed SA: 220.127.116.11-18.104.22.168 cookie:5357205146f1b40c:a194d23cbec27a50. Due to timeout.' )
I get the above in the system logs. Phase 1 is up but phase 2 is not.
Under the IKE Gateway for the tunnel, verify that the Local Identification and the Peer Identification are actually matching (in reverse order) for the selected tunnel.
The following is an example:
Local Identification: IP address 10.10.139.230
Peer Identification: FQDN (hostname) TEST01
Local Identification: FQDN (hostname) TEST01
Peer Identification: IP address 10.10.139.230
What the log is saying is that essentially the peer device is sending the ID of 10.175.150.0 as its Local Identification, and that ID doesn't match any of your IKE Gateways' configured Peer Identification, meaning that the firewall doesn't have an IKE Gateway configured for the device.
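The check described in the answer, as an added example that is not part of the original thread and not Palo Alto Networks code: it extracts the rejected ID from the log line in the question, looks for a gateway whose Peer Identification expects it (including the case where the value matches but the ID type differs), and verifies that two gateway definitions mirror each other. The `IkeGateway` class, the gateway names and the `fqdn` type label are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Pattern for the system-log text quoted in the question.
ID_MISMATCH = re.compile(
    r"Peer's ID payload (?P<value>\S+) \(type (?P<type>\w+)\) "
    r"does not match a configured IKE gateway"
)

@dataclass(frozen=True)
class IkeGateway:
    """Hypothetical model of one IKE gateway entry (not a PAN-OS object)."""
    name: str
    local_id: tuple  # (type, value)
    peer_id: tuple   # (type, value)

def parse_peer_id(log_line):
    """Return (type, value) of the rejected ID payload, or None for other events."""
    m = ID_MISMATCH.search(log_line)
    return (m.group("type"), m.group("value")) if m else None

def diagnose(log_line, gateways):
    """Compare the ID the peer sent with every configured Peer Identification."""
    received = parse_peer_id(log_line)
    if received is None:
        return None
    r_type, r_value = received
    return {
        "received": received,
        # Gateways that expect exactly this ID (empty list reproduces the log error).
        "exact": [g.name for g in gateways if g.peer_id == received],
        # Same value but a different ID type configured: a common misconfiguration.
        "type_mismatch": [g.name for g in gateways
                          if g.peer_id[1] == r_value and g.peer_id[0] != r_type],
    }

def is_mirrored(ours, theirs):
    """True when each side's Local Identification is the other's Peer Identification."""
    return ours.local_id == theirs.peer_id and ours.peer_id == theirs.local_id

# Constructed sample data: log line from the question, ID pair from the answer.
LOG = ("IKE phase-1 negotiation is failed. Peer's ID payload 10.175.150.0 "
       "(type ipaddr) does not match a configured IKE gateway.")
OURS = IkeGateway("gw-to-test01", ("ipaddr", "10.10.139.230"), ("fqdn", "TEST01"))
THEIRS = IkeGateway("gw-to-fw", ("fqdn", "TEST01"), ("ipaddr", "10.10.139.230"))

if __name__ == "__main__":
    print(diagnose(LOG, [OURS]))
    print("example pair mirrored:", is_mirrored(OURS, THEIRS))
```
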