Unable to Connect IPSec VPN Tunnel


L0 Member

Need assistance to connect a VPN IPSec Tunnel between PA and Cisco 4300 Series. Everything seems to be configured on both sides, but when I check logs on the PA-CLI, it shows this log:

 

IPsec-SA request for 150.220.213.178 queued since no phase1 found
2022-11-17 10:49:19.353 -0600 [PNTF]: { 1: }: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====
====> Initiated SA: 70.248.29.2[500]-150.220.213.178[500] cookie:e70d77589b7877bb:0000000000

 

Where do I check for Phase 1? I think it is the IKE Gateways, which is already configured.

2 REPLIES

Cyber Elite

Hello @yjimenez

 

thanks for posting in LIVEcommunity!

 

To me this looks like a standard log when the firewall initiates phase 1 to the remote peer. The fact that this says "queued since no phase1 found" indicates this is a new session rather than that configuration is missing. Is there any further log after this entry? If there is a response, then there should be logs indicating what phase 1 parameters were received from the remote peer. If there is no response or traffic is blocked in between, this log entry will be repeated as PA tries to establish phase 1.

 

Regarding your question, yes the phase 1 configuration is under: "IKE Gateways".

 

Kind Regards

Pavel

 

Help the community: Like helpful comments and mark solutions.
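
The check described in the reply above, as an added example that is not part of the original thread and not Palo Alto Networks code: it counts phase 1 initiations per peer and flags peers that were retried with nothing else logged about them. The sample log is constructed from the lines quoted in the question; the later timestamps, the extra cookies, the peer 198.51.100.7 and the placeholder line are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the first three lines are the ones quoted in the question;
# the repeats, later timestamps, extra cookies, peer 198.51.100.7 and the
# placeholder line are invented for illustration and are not real PAN-OS output.
SAMPLE_LOG = """\
IPsec-SA request for 150.220.213.178 queued since no phase1 found
2022-11-17 10:49:19.353 -0600 [PNTF]: { 1: }: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====
====> Initiated SA: 70.248.29.2[500]-150.220.213.178[500] cookie:e70d77589b7877bb:0000000000
IPsec-SA request for 150.220.213.178 queued since no phase1 found
2022-11-17 10:49:29.353 -0600 [PNTF]: { 1: }: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====
====> Initiated SA: 70.248.29.2[500]-150.220.213.178[500] cookie:a1b2c3d4e5f60718:0000000000
2022-11-17 10:50:00.000 -0600 [PNTF]: { 2: }: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====
====> Initiated SA: 70.248.29.2[500]-198.51.100.7[500] cookie:1122334455667788:0000000000
2022-11-17 10:50:00.120 -0600 <constructed placeholder for any later entry naming 198.51.100.7>
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
INITIATED = re.compile(r"Initiated SA: " + IP + r"\[\d+\]-" + IP + r"\[\d+\]")
QUEUED = re.compile(r"IPsec-SA request for " + IP + r" queued since no phase1 found")
ANY_IP = re.compile(IP)

def summarize(log_text):
    """Per peer: count of phase 1 initiations and of any other entries naming the peer."""
    stats = defaultdict(lambda: {"initiations": 0, "other": 0})
    for line in log_text.splitlines():
        m = INITIATED.search(line)
        if m:
            stats[m.group(2)]["initiations"] += 1  # group 2 is the remote peer
            continue
        if QUEUED.search(line):
            continue  # local queueing notice, says nothing about the peer answering
        for ip in set(ANY_IP.findall(line)):
            if ip in stats:
                stats[ip]["other"] += 1
    return dict(stats)

def unanswered_peers(log_text, min_attempts=2):
    """Peers that were initiated to repeatedly with no other log entry about them."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["initiations"] >= min_attempts and s["other"] == 0)

if __name__ == "__main__":
    for peer in unanswered_peers(SAMPLE_LOG):
        print(f"{peer}: phase 1 initiation repeated, no further entries about this peer")
```
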

Cyber Elite

Hello,

Also, Cisco devices don't tend to bring up VPN tunnels unless told to do so, i.e. sending traffic, etc. I would try to ping something from one side of the tunnel to the other and see what happens.

Regards,
