Ike -generic event : vendor id payload ignored

Reply
Highlighted
L4 Transporter

Ike -generic event : vendor id payload ignored

We are seeing continous  ike genric event for vendor id payload ignored , tunnel is up traffic getting encrypted and decrypted.

 

what exactly does above error say.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
L6 Presenter

Hello,

 

Please could post an output of te command below:

 

> tail lines 100 mp-log ikemgr.log

 

Highlighted
L4 Transporter

2016-09-08 10:05:30 [PROTO_NOTIFY]: ====> IKEv2 IKE SA NEGOTIATION STARTED AS RESPONDER, non-rekey <====
====> Initiated SA: X.X.X.X[500]-X.X.X.X[500] SPI:34a2990a7a92484b:efca7a95900a177b SN:15994 <====
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:ignoring unauthenticated notify payload (NAT_DETECTION_SOURCE_IP)
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:ignoring unauthenticated notify payload (NAT_DETECTION_DESTINATION_IP)
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [PROTO_WARN]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x9247c08:vendor id payload ignored
2016-09-08 10:05:30 [INFO]: 15994:x.x.x.x[500] - x.x.x.x[500]:0x916df28:authentication result: success
2016-09-08 10:05:30 [PROTO_NOTIFY]: ====> IKEv2 CHILD SA NEGOTIATION STARTED AS RESPONDER, non-rekey <====
====> Initiated SA: x.x.x.x[500]-x.x.x.x[500] message id:0x00000001 parent SN:15994 <====

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
L6 Presenter

Hi,

 

Thanks for the logs. Is this VPN between Azure? 

 

Thx,

Myky

 

Highlighted
L4 Transporter

Yes it is with Azure.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
L6 Presenter

Hi,

 

What is your PAN-OS version?

We had a strange issue with this Azure s2s VPN. 

Please could you make sure you tick the box "passive mode" on IKE GATEWAY

 

passive.PNG

 

I could see it is a "responder" only but still we had similar behaviour. As soon as we ticked that box all went smoothly.

 

Thx,

Myky

Highlighted
L4 Transporter

We have Passive mode enabled , still getting same error.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
L6 Presenter

Hi,

 

l think these  warning messages are normal. 

 

 

Capture.PNG

 

But to be clear, open a TAC case.

 

Thx,

Myky

Highlighted
L0 Member

Did you end up finding it?

Tags (1)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!