11-18-2022 07:42 AM
Need assistance to connect a VPN IPSec Tunnel between PA and Cisco 4300 Series. Everything seems to be configured on both sides, but when I check logs on the PA-CLI, it shows this log:
IPsec-SA request for 150.220.213.178 queued since no phase1 found
2022-11-17 10:49:19.353 -0600 [PNTF]: { 1: }: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====
====> Initiated SA: 70.248.29.2[500]-150.220.213.178[500] cookie:e70d77589b7877bb:0000000000
Where do I check for Phase 1? I think it is the IKE Gateways, which are already configured.
11-18-2022 01:11 PM
Hello @yjimenez
thanks for posting in LIVEcommunity!
To me this looks like a standard log when the firewall initiates phase 1 to the remote peer. The fact that this says: "queued since no phase1 found" indicates this is a new session rather than that configuration is missing. Is there any further log after this entry? If there is a response, then there should be logs indicating what phase 1 parameters were received from the remote peer. If there is no response or traffic is blocked in between, this log entry will be repeated as the PA tries to establish phase 1.
Regarding your question, yes the phase 1 configuration is under: "IKE Gateways".
Kind Regards
Pavel
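The reasoning in the reply above, as an added example that is not part of the original thread: a small Python script that counts phase 1 initiations per peer and reports whether anything was logged afterwards. The patterns come from the log lines quoted in the question; the sample log, its addresses, cookies and the follow-up line are constructed, and treating any unmatched line as belonging to the most recently initiated peer is an assumption.

```python
import re
from collections import defaultdict

# Patterns copied from the log lines quoted in the thread.
QUEUED = re.compile(r"IPsec-SA request for (\S+) queued since no phase1 found")
STARTED = re.compile(r"PHASE-1 NEGOTIATION STARTED AS INITIATOR")
INITIATED = re.compile(r"Initiated SA: \S+\[\d+\]-(\S+)\[\d+\]")

def summarize(lines):
    """Count initiations per peer; unmatched lines are assumed to follow the last one."""
    peers = defaultdict(lambda: {"attempts": 0, "queued": 0, "followups": []})
    current = None  # peer named in the most recent "Initiated SA" line
    for raw in lines:
        line = raw.strip()
        if not line or STARTED.search(line):
            continue
        if (m := INITIATED.search(line)):
            current = m.group(1)
            peers[current]["attempts"] += 1
        elif (m := QUEUED.search(line)):
            peers[m.group(1)]["queued"] += 1
        elif current is not None:
            peers[current]["followups"].append(line)
    return dict(peers)

def verdict(stats):
    """Map the counters onto the three cases described in the reply."""
    if stats["followups"]:
        return "reply-logged"       # read these lines for the phase 1 parameters
    if stats["attempts"] >= 2:
        return "repeated-no-reply"  # no response, or traffic blocked in between
    return "single-initiation"      # new session, keep watching the log

# Constructed sample: documentation addresses, made-up cookies and follow-up text.
SAMPLE = """\
IPsec-SA request for 198.51.100.20 queued since no phase1 found
2022-11-17 10:49:19.353 -0600 [PNTF]: { 1: }: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====
====> Initiated SA: 192.0.2.10[500]-198.51.100.20[500] cookie:aaaaaaaaaaaaaaaa:0000000000000000
IPsec-SA request for 198.51.100.20 queued since no phase1 found
2022-11-17 10:50:29.410 -0600 [PNTF]: { 1: }: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====
====> Initiated SA: 192.0.2.10[500]-198.51.100.20[500] cookie:bbbbbbbbbbbbbbbb:0000000000000000
====> Initiated SA: 192.0.2.10[500]-203.0.113.5[500] cookie:cccccccccccccccc:0000000000000000
2022-11-17 10:51:40.120 -0600 [INFO]: constructed placeholder for a line logged after the peer answers
""".splitlines()

if __name__ == "__main__":
    for peer, stats in summarize(SAMPLE).items():
        print(peer, stats["attempts"], verdict(stats))
```
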
11-18-2022 02:01 PM
Hello,
Also, Cisco devices don't tend to bring up VPN tunnels unless told to do so, i.e. sending traffic, etc. I would try to ping something from one side of the tunnel to the other and see what happens.
Regards,