IKE Gateway Commit Failure: Peer Gateway ID Must Be Defined


Symptoms

When configuring the remote network or service connection, the commit fails:

  1. The commit fails on the cloud.
  2. The RN or SN fails to spin up on the cloud even after 10 min.

Diagnosis

  1. Verify that the commit failure reason matches the one discussed in this article. See: Procedure to check the commit failure reason on Prisma Access firewall.
  2. Check the IKE Gateway configuration for the gateway on which you see the commit failure, and verify the commit status:
    Configuration Errors:IKEv1 gateway <gw_name> peer gateway ID must be defined when peer address is dynamic.(Module: ikemgr)
  3. Verify that the peer IP type is dynamic.

Solution

When the peer IP type is dynamic, the public IP address from which the peer connects is not known in advance. IPSec still requires the peer to be authenticated, so identification information must be defined under "Local Identification" and "Peer Identification."

 

[Screenshot: IKE Gateway Peer Dynamic]

Once the identification is configured, commit and push from Panorama.

Revision #: 10 of 10
Last update: 09-25-2019 08:49 AM