Errors in S2S VPN configuration.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Errors in S2S VPN configuration.

L0 Member

Hello, I am configuring a site to site VPN between a Palo Alto Firewall and un Firewall Fortinet, but despite several attempts we are not able to get it to go up either in phase 1 or in phase two in the logs of Palo Alto you can see:

 

2024-05-16 23:47:12.205 +0000 [INFO]: { 3: }: received IKE request x.x.x.x[500] to x.x.x.x[500], found IKE gateway VPN-XXX
2024-05-16 23:47:12.205 +0000 [PNTF]: { 3: }: ====> IKEv2 IKE SA NEGOTIATION STARTED AS RESPONDER, non-rekey; gateway VPN-XXX <====
====> Initiated SA: X.X.X.X[500]-X.X.X.X[500] SPI:54bb55b0e9b865aa:5e93ae9ae2b86aef SN:122885 <====

2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_SOURC
2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_DESTI
2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (16430)

Any recommendations of what may be happening ?

 

 

1 REPLY 1

Community Team Member

Hi @M.Ochoa ,

 

Looks very similar to what's happening here:

https://live.paloaltonetworks.com/t5/general-topics/ike-v2-asa-vs-pa/td-p/230814

 

A good place to start is to make sure the IKE and IPSec parameters match on both ends.  This might be as simple as a mismatching PSK.

 

If you can't find what's wrong then I'd suggest to crank up the debug log level to get more verbose logging and get more details:

How to Troubleshoot IPSec VPN connectivity issues 

 

Kind regards,

-Kim.

 

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1436 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!