This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Errors in S2S VPN configuration.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Errors in S2S VPN configuration.

M.Ochoa
L0 Member

‎05-16-2024 05:15 PM - edited ‎05-16-2024 05:27 PM

Hello, I am configuring a site to site VPN between a Palo Alto Firewall and un Firewall Fortinet, but despite several attempts we are not able to get it to go up either in phase 1 or in phase two in the logs of Palo Alto you can see:

 

2024-05-16 23:47:12.205 +0000 [INFO]: { 3: }: received IKE request x.x.x.x[500] to x.x.x.x[500], found IKE gateway VPN-XXX
2024-05-16 23:47:12.205 +0000 [PNTF]: { 3: }: ====> IKEv2 IKE SA NEGOTIATION STARTED AS RESPONDER, non-rekey; gateway VPN-XXX <====
====> Initiated SA: X.X.X.X[500]-X.X.X.X[500] SPI:54bb55b0e9b865aa:5e93ae9ae2b86aef SN:122885 <====

2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_SOURC
2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (NAT_DETECTION_DESTI
2024-05-16 23:47:12.205 +0000 [PWRN]: { 3: }: x.x.x.x[500] - x.x.x.x[500]:0x55ec93f34470 ignoring unauthenticated notify payload (16430)

Any recommendations of what may be happening ?

 

 

0 Likes Likes
1 REPLY 1

kiwi
Community Team Member

‎05-17-2024 07:23 AM

Hi @M.Ochoa ,

 

Looks very similar to what's happening here:

https://live.paloaltonetworks.com/t5/general-topics/ike-v2-asa-vs-pa/td-p/230814

 

A good place to start is to make sure the IKE and IPSec parameters match on both ends.  This might be as simple as a mismatching PSK.

 

If you can't find what's wrong then I'd suggest to crank up the debug log level to get more verbose logging and get more details:

How to Troubleshoot IPSec VPN connectivity issues 

 

Kind regards,

-Kim.

 

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes
  • 1375 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks