06-12-2023 12:08 PM
Good afternoon,
I've got a simple site-to-site IPsec tunnel in non-production that I'm having a problem with. Currently I have the mgmt interface up. I also have my trust/untrust interfaces connected to a Cisco switch on the appropriate VLANs for the subs I have programmed on my PA-440. For some odd reason, I cannot see the MAC addresses of the interfaces of the Trust/Untrust ints on my Cisco switch.
What should I be looking at to clear this up? What would you like to see? Switch interface settings, Firewall interface settings?
Just looking for a place to start looking.
Thanks,
Dan
06-13-2023 07:15 AM
Slightly confused on what your question is. You mention an IPSec tunnel and issues with that, but your question seems to center around the MAC address of your firewall's interfaces not presenting on your switch properly. I'm going to go with the MAC address question since that appears to be what you're asking, and that your trust/untrust interfaces are physical interfaces on the device in question.
In the event that this isn't correct or otherwise isn't the entirety of your question, you might want to expand on things a bit more. Seems like you started with one question/problem, but we quickly got sidetracked to a completely different issue from how I'm interpreting what I read.
This can happen on the switch if you simply haven't attempted to reach the interface address. Log into your switch and just ping the interface address (this may fail depending on your interface management profile, don't worry about that) and then look at your table again.
06-12-2023 02:45 PM
I've got a ticket open with support. Hopefully I'll get an answer.
06-13-2023 09:00 AM
Sorry about the confusion. I see the MACs now after a ping from my L2 switch. Now on to my tunnel issue. I'm getting the following error on the system monitor: [ike-gw:4] unauthenticated NO_PROPOSAL_CHOSEN received, you may need to check IKE settings.
I'll be checking those settings next.
06-13-2023 09:24 AM
Also getting
retransmission count exceeded the limit
"Deleting a possible stale IKEv2 child SA SPI:xxxxxxxxxxxxxxxxxxx