I'm having issues with an IPSEC tunnel which was configured by another engineer. Currently facing issues with tunnel connectivity and I need to cross-verify the parameters. So can someone guide how to check the pre-shared key in plain text format?
This isn't possible. You can't go back and get the clear text value for anything in the configuration when it comes to passwords, pre-shared keys or anything of the sort. The firewall simply stores a hash or encrypted form of the value.
As @BPry said, but to verify if there is a mismatch you can use this command in the CLI:
less mp-log ikemgr.log
@Abdul-Fattah, you will see "pre-share mismatch" only if the remote site is the initiator of the tunnel negotiation and you are the receiver. If you are the initiator you will only see the "IKE phase1 timeout" message in the logs. This is caused by the nature of the IPsec
If you see it in the logs as @AlexanderAstardzhiev mentioned, then the best thing is to have a new key on both ends.
Unless you can get the Pre-Shared key from other side of the connection.
Regards
Thanks guys for your response... What I understand is that we have very limited options in Palo Alto in terms of troubleshooting tunnel down issues. So I can go ahead and reconfigure the pre-shared key and test again.
Appreciate everyone for your response!! @BPry @Abdul-Fattah @MP18
Hey @iamvivekms,
I cannot agree with your statement - "we have very limited options in Paloalto in terms of troubleshooting Tunnel down issues"
It is quite the opposite:
Wrong PSK is the most common mistake when configuring a new tunnel, so my suggestion in this case is:
1. Re-enter the PSK again at your end of the tunnel.
2. Re-enter the PSK at the remote end of the tunnel.
3. Agree on a new PSK.
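
The following is an added example, not part of any reply in this thread and not Palo Alto code: a small triage script applying the rule of thumb from the reply above ("pre-share mismatch" is logged only when the remote side initiates, while the initiator only sees "IKE phase1 timeout") to an exported copy of ikemgr.log. The sample lines and their layout are constructed for illustration, and the function name `triage` and the verdict strings are hypothetical; only the two quoted message strings come from the thread.

```python
import re
from collections import defaultdict

# Message substrings quoted in the thread; matched case-insensitively.
MISMATCH = "pre-share mismatch"
TIMEOUT = "ike phase1 timeout"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines: the layout is an assumption, not real ikemgr.log output.
SAMPLE_LOG = """\
2024-01-10 10:00:01 peer 198.51.100.7 negotiation failed: pre-share mismatch
2024-01-10 10:00:31 peer 198.51.100.7 negotiation failed: pre-share mismatch
2024-01-10 10:02:12 peer 203.0.113.9 IKE phase1 timeout
2024-01-10 10:03:00 peer 192.0.2.44 IKE phase-1 SA established
"""

def triage(log_text):
    """Return {peer_ip: verdict} for peers with phase 1 failures."""
    counts = defaultdict(lambda: {"mismatch": 0, "timeout": 0})
    for line in log_text.splitlines():
        low = line.lower()
        kind = "mismatch" if MISMATCH in low else "timeout" if TIMEOUT in low else None
        if kind is None:
            continue
        m = IPV4.search(line)  # assumption: first IPv4 address on the line is the peer
        peer = m.group(0) if m else "unknown"
        counts[peer][kind] += 1
    verdicts = {}
    for peer, c in counts.items():
        if c["mismatch"]:
            # Logged when the remote side initiated: PSK mismatch is confirmed.
            verdicts[peer] = "psk-mismatch-confirmed"
        else:
            # Local side initiated: a wrong PSK looks the same as other
            # phase 1 failures, so it cannot be ruled out from this log alone.
            verdicts[peer] = "timeout-psk-not-ruled-out"
    return verdicts

if __name__ == "__main__":
    for peer, verdict in triage(SAMPLE_LOG).items():
        print(peer, verdict)
```

For a peer that only ever shows the timeout verdict, having the remote side initiate the tunnel and re-reading the log is what turns "not ruled out" into a confirmed or excluded PSK mismatch.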