IPSEC Tunnel to ASA - PeerID issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

IPSEC Tunnel to ASA - PeerID issues

L4 Transporter

I am setting up an IPSec tunnel to an ASA. I am getting an error message about the PEERID type only allowing IP but received FQDN. Per the other KB article, I changed the PAN Exchange mode to Aggressive.

Now the PAN received a FQDN of the ASA side and gave listed the FQDN in the system logs.

My question.. where in the ASA can you configure PEER and LOCAL ID in the Phase1 settings? I am not seeing that option so I cannot figure out how the PAN is getting the FQDN.

2 accepted solutions

Accepted Solutions

L7 Applicator

A related DOC, it shows configuration sample for both PAN and CISCO firewall.

VPN Tunnel Down Between Palo Alto Networks Firewall Static IP Address and Cisco VTI on Dynamic IP Ad...

( On CISCO: crypto isakmp profile XYZ self-identity user-FQDN/IP XYZ )

Thanks

View solution in original post

L3 Networker

Hello all! If anyone runs across this article and would like to use the link referenced in the solution please see the below link:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHVCA0

View solution in original post

5 REPLIES 5

L4 Transporter

Your config on the firewall is expecting IP instead of  FQDN

Check below. Choose the appropriate option and the error should go away.

ipsec.PNG

I appreciate the input but that's not quite it...

The issue is that it is receiving a FQDN for the PEER ID from the Cisco ASA. I am looking for how to determine in the ASA where it is sending its FQDN as an ID because I do not see anything in the ASA that would send its FQDN.

L7 Applicator

A related DOC, it shows configuration sample for both PAN and CISCO firewall.

VPN Tunnel Down Between Palo Alto Networks Firewall Static IP Address and Cisco VTI on Dynamic IP Ad...

( On CISCO: crypto isakmp profile XYZ self-identity user-FQDN/IP XYZ )

Thanks

The crypto settings under number 2 showed me what to change. Thank you!

L3 Networker

Hello all! If anyone runs across this article and would like to use the link referenced in the solution please see the below link:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHVCA0

  • 2 accepted solutions
  • 5813 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!