PANOS-8.0 broke IPSec XAuth VPN?

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L2 Linker

PANOS-8.0 broke IPSec XAuth VPN?

Hi,

 

After I upgraded to our PA-3050 to PANOS-8.0, ios and android native clients (using ipsec xauth) don't work anymore. These clients can  authenticate successfuly and get a valid IP from the gateway ip pool. But after this they can't access anything. There is no traffic logs shown with the vpn ip either.

 

Anybody using 8.0 can test if ipsec xauth is functional to see if its 8.0 upgrade or something else is wrong with my setup.

 

Thanks,

 

Rahman

Highlighted
L2 Linker

Updating to 8.0 has a huge amount of risks for any production environment. The code is brand new and I would only recommend it in lab devices. It you updated and it broke things, you'll have to report it to support and let them know that is broke something. This kind of thing will most likely go on until 8.0.6.

 

 

- Peter

Highlighted
L6 Presenter

Hi

 

we have the same issue

 

Regards

 

 

 

Highlighted
L2 Linker

Can anybody test if 8.0.1 fixed the issue?

 

Thanks,

 

Rahman

Highlighted
L0 Member

Has anyone managed to solve this problem?

Highlighted
Cyber Elite

@JoaoCesar,

I would harbor a guess that you will need to update to 8.0.2 if this is fixed in the 8.0 code yet. 

Highlighted
L6 Presenter
Highlighted
L0 Member

Some phone models connects and receives an IP-Pool IP but it cannot reach the internal resources.


Motorola Moto Z Android 7 -> problem
Motorola Moto G3 Android 6 -> probelm
Motorola Moto Maxx Android 6 - > problem
Lenovo Vibe K6 Android 6 -> problem

Samsung Galaxy S7 Android 7 -> OK
Samsung Galaxy S4 Android 5.1 -> OK
Iphone 4 iOS 7 -> OK

Test with PAN-OS 8.0.2 and 8.0.3.


Highlighted
L6 Presenter

Hi,

 

ls there a useful info in the ikemgr.log file:

 

> tail lines 100 mp-log ikemgr.log

 

Did you try to re-create a VPN profile on the affected client mobile phones?

Highlighted
L0 Member

I have same issue like this, I tried  Huawei P9 andriod 7.0, SAMSUNG S7edge 7.0  sometime work , some time not. PAN-OS 8.0.4,7.1.11,7.0.12  same issue.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!