Simple IPsec tunnel interfaces not passing MAC address

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Simple IPsec tunnel interfaces not passing MAC address

L3 Networker

Good afternoon,

 

I've got a simple site to site IPsec tunnel in non production that I'm having a problem with.  Currently I have the mgmt interface up.  I also have my trust/untrust interfaces connected to a Cisco switch on the appropriate VLAN's for the subs I have programed on my PA-440.  For some odd reason, I cannot see the MAC addresses of the interfaces of the Trust/Untrust int's on my cisco switch.  

 

What should I be looking at to clear this up?  What would you like to see?  Switch interface settings, Firewall interface settings?

 

Just looking for a place to start looking.

 

Thanks,

 

Dan

 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@danoman2,

Slightly confused on what your question is. You mention an IPSec tunnel and issues with that, but your question seems to center around the MAC address of your firewall's interfaces not presenting on your switch properly. I'm going to go with the MAC address question since that appears to be what you're asking, and that your trust/untrust interfaces are physical interfaces on the device in question.

In the event that this isn't correct or otherwise isn't the entirety of your question, you might want to expand on things a bit more. Seems like you started with one question/problem, but we quickly got sidetracked to a completely different issue from how I'm interpreting what I read. 

 

This can happen on the switch if you simply haven't attempted to reach the interface address. Log into your switch and just ping the interface address (this may fail depending on your interface management profile, don't worry about that) and then look at your table again. 

View solution in original post

4 REPLIES 4

L3 Networker

I've got a ticket open with support.  Hopefully I'll get an answer.

Cyber Elite
Cyber Elite

@danoman2,

Slightly confused on what your question is. You mention an IPSec tunnel and issues with that, but your question seems to center around the MAC address of your firewall's interfaces not presenting on your switch properly. I'm going to go with the MAC address question since that appears to be what you're asking, and that your trust/untrust interfaces are physical interfaces on the device in question.

In the event that this isn't correct or otherwise isn't the entirety of your question, you might want to expand on things a bit more. Seems like you started with one question/problem, but we quickly got sidetracked to a completely different issue from how I'm interpreting what I read. 

 

This can happen on the switch if you simply haven't attempted to reach the interface address. Log into your switch and just ping the interface address (this may fail depending on your interface management profile, don't worry about that) and then look at your table again. 

L3 Networker

Sorry about the confusion.  I see the MAC's now after ping from my L2 switch.  Now on to my tunnel issue.  I'm getting the following error on the system monitor.  [ike-gw:4] unauthenticated NO_PROPOSAL_CHOSEN received, you may need to check IKE settings.

 

I'll be checking those settings next.

Also getting

retransmission count exceeded the limit

"Deleting a possible stale IKEv2 child SA SPI:xxxxxxxxxxxxxxxxxxx

  • 1 accepted solution
  • 1880 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!