IP Address is Set to "NONE," if an Interface Dynamically Receives Address

Printer Friendly Page

Symptom

When an interface acquires its IP address dynamically, such as with dynamic-PPPoE, that interface can be selected as the IPSec Gateway. Even if the interface is selected, though, the IP address remains "None" because it is not possible to select the IP address.

dynamic interface.png

 

local ip none.png

 

Cause

The configuration process selects the interface and leaves the IP address set to none. The dataplane automatically uses the dynamically assigned IP address. The IP address cannot be selected because that would lock the configuration to reference a specific IP value. If the interface receives a new IP address during the next PPPoE negotiation, the configuration will become invalid and the VPN tunnel will break.

 

owner: sgantait

Tags (5)
Comments

I am trying to get a static ip address in the IKE Gateway as local on a PPPOE Connection and I use British telecom.

I have finnaly ensured that I get the same IP address between reboots. Plenty of calls to BT.

I run PAN OS 6.1.4 on a PA200

Cable setup, Fiber to a converter and then to Ethernet 1/1

I assign the PPPoE with a static ip address

In the Ethernet Interface 1/1 - IPv4 - advanced

I have set a static ip address - both as an object and as typed.

Other settings as well

I have checked(true) the automatically create default route pointing to peer

This ip address is not shown when I create the IKE Gateway, it needs to be visable.

If I type the ip address, where it says none, it removes it.

I cannot select it, the drop down menu is still empty.(I believe it is a bug, because the Ethernet has got a static ip address as mentioned above in my post)

When I try to use

test vpn ike-sa gateway gateway_name

test vpn ipsec-sa tunnel tunnel_name

Both sides discovers and drops package again, with a timeout issue.

Manuel says, check routing and ping.

Traceroute from source to destination OK

Traceroute from Destination to Source (NOT okay, can traceroute to and from the public ip´s gateway with zero problems, but not the ip itself)

I have created a management profile that allows ping with the destinations public ip address, but still no success.

I have also added the ip address as both written and a object

NAT( for basic Internet connection - Works )(If I remove, no Internet)

Static route 0.0.0.0 0.0.0.0 the public ip address (useless as it works regardless)

MTU:1492

If anyone has a solution I will be gratefull

Hi, I'm having the same problem as described above. Has anyone resolved this or come up with a work around for not having a local IP on the ike gateway?

 

 

Could yu please provide more information about your configuration and which version you run?

I know this is an old topic, but one way to solve this (a little complex, but works), it´s by using a loopback interface for the local gateway, you need to be sure your NAT policies, and VR are perfectly defined.