This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

IPSEC Tunnel to ASA - PeerID issues

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

IPSEC Tunnel to ASA - PeerID issues

Go to solution
SDorsey
L4 Transporter

‎07-11-2014 08:56 AM

I am setting up an IPSec tunnel to an ASA. I am getting an error message about the PEERID type only allowing IP but received FQDN. Per the other KB article, I changed the PAN Exchange mode to Aggressive.

Now the PAN received a FQDN of the ASA side and gave listed the FQDN in the system logs.

My question.. where in the ASA can you configure PEER and LOCAL ID in the Phase1 settings? I am not seeing that option so I cannot figure out how the PAN is getting the FQDN.

(1)
2 accepted solutions

Accepted Solutions

Go to solution
HULK
L7 Applicator

‎07-11-2014 09:04 AM

A related DOC, it shows configuration sample for both PAN and CISCO firewall.

VPN Tunnel Down Between Palo Alto Networks Firewall Static IP Address and Cisco VTI on Dynamic IP Ad...

( On CISCO: crypto isakmp profile XYZ self-identity user-FQDN/IP XYZ )

Thanks

View solution in original post

0 Likes Likes

Go to solution
mgordon
Community Manager
Community Manager

‎01-03-2023 01:36 PM

Hello all! If anyone runs across this article and would like to use the link referenced in the solution please see the below link:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHVCA0

View solution in original post

(2)
5 REPLIES 5

Go to solution
sjamaluddin
L4 Transporter

‎07-11-2014 09:01 AM

Your config on the firewall is expecting IP instead of  FQDN

Check below. Choose the appropriate option and the error should go away.

ipsec.PNG

0 Likes Likes

Go to solution
SDorsey
L4 Transporter
In response to sjamaluddin

‎07-11-2014 09:03 AM

I appreciate the input but that's not quite it...

The issue is that it is receiving a FQDN for the PEER ID from the Cisco ASA. I am looking for how to determine in the ASA where it is sending its FQDN as an ID because I do not see anything in the ASA that would send its FQDN.

0 Likes Likes

Go to solution
HULK
L7 Applicator

‎07-11-2014 09:04 AM

A related DOC, it shows configuration sample for both PAN and CISCO firewall.

VPN Tunnel Down Between Palo Alto Networks Firewall Static IP Address and Cisco VTI on Dynamic IP Ad...

( On CISCO: crypto isakmp profile XYZ self-identity user-FQDN/IP XYZ )

Thanks

0 Likes Likes

Go to solution
SDorsey
L4 Transporter
In response to HULK

‎07-11-2014 09:08 AM

The crypto settings under number 2 showed me what to change. Thank you!

(1)

Go to solution
mgordon
Community Manager
Community Manager

‎01-03-2023 01:36 PM

Hello all! If anyone runs across this article and would like to use the link referenced in the solution please see the below link:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHVCA0

(2)
  • 2 accepted solutions
  • 4689 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks