Ike -generic event : vendor id payload ignored

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
MandarKulkarni
L4 Transporter

Ike -generic event : vendor id payload ignored

We are seeing continous  ike genric event for vendor id payload ignored , tunnel is up traffic getting encrypted and decrypted.

 

what exactly does above error say.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
TranceforLife
L6 Presenter

Hello,

 

Please could post an output of te command below:

 

> tail lines 100 mp-log ikemgr.log

 

MandarKulkarni
L4 Transporter

2016-09-08 10:05:30 [PROTO_NOTIFY]: ====> IKEv2 IKE SA NEGOTIATION STARTED AS RESPONDER, non-rekey <====
====> Initiated SA: X.X.X.X[500]-X.X.X.X[500] SPI:34a2990a7a92484b:efca7a95900a177b SN:15994 <====
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:ignoring unauthenticated notify payload (NAT_DETECTION_SOURCE_IP)
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:ignoring unauthenticated notify payload (NAT_DETECTION_DESTINATION_IP)
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [INFO]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x916df28:authentication result: success
2016-09-08 10:05:30 [PROTO_NOTIFY]: ====> IKEv2 CHILD SA NEGOTIATION STARTED AS RESPONDER, non-rekey <====
====> Initiated SA: x.x.x.x[500]-x.x.x.x[500] message id:0x00000001 parent SN:15994 <====

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
TranceforLife
L6 Presenter

Hi,

 

Thanks for the logs. Is this VPN between Azure? 

 

Thx,

Myky

 

MandarKulkarni
L4 Transporter

Yes it is with Azure.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
TranceforLife
L6 Presenter

Hi,

 

What is your PAN-OS version?

We had a strange issue with this Azure s2s VPN. 

Please could you make sure you tick the box "passive mode" on IKE GATEWAY

 

passive.PNG

 

I could see it is a "responder" only but still we had similar behaviour. As soon as we ticked that box all went smoothly.

 

Thx,

Myky

MandarKulkarni
L4 Transporter

We have Passive mode enabled , still getting same error.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
TranceforLife
L6 Presenter

Hi,

 

l think these  warning messages are normal. 

 

 

Capture.PNG

 

But to be clear, open a TAC case.

 

Thx,

Myky

KIMvdLinden
L0 Member

Did you end up finding it?

Tags (1)
bit_byte
L2 Linker

@TranceforLife 

Hi have u got your answer vendor id payload ignored , why you were receiving that message 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!