'unknown ikev2 peer' - Azure

L3 Networker

'unknown ikev2 peer' - Azure

Hi,

 

I have several Azure sites with an active-active gateway and 2 different IPs.
I have a Palo Alto PA-820 with 8.1.12 firmware, with 2 interfaces on 2 different communication providers and different public IPs.
That gives an IKEv2 tunnel, BGP and peers.

Scheme:

pa-820-Supplier1-IP1 ---- IP1-AzureGW1
pa-820-Supplier2-IP2 ---- IP2-AzureGW1

 

In Azure I have configured a vnet (x.x.0.0/16) and in this vnet I have 2 subnets (gateway x.x.255.224/27 and servers x.x.60.0/24)

 

I create the corresponding proxy-IDs in the tunnel:

subnet_local1 x.x.255.224/27
subnet_local2 x.x.255.224/27
...
subnet_local1 x.x.60.0/24
subnet_local2 x.x.60.0/24
...

This error appears repeatedly in the system log:

eventid:  ike-generic-event

description:  'unknown ikev2 peer'

subtype:  vpn

severity: informational

 

If I execute the command "tail follow yes mp-log ikemgr.log" it shows:

 

2020-01-09 14:13:07.113 +0100 [PWRN]: x.x.x.x[500] - z.z.z.z[500]:0x10343ab0 unknown ikev2 peer
2020-01-09 14:13:08.099 +0100 [PWRN]: x.x.x.x[500] - t.t.t.t[500]:0x10345950 unknown ikev2 peer

 

The tunnel is working, but I don't know why it reports this error.

Can you help me?

 

thanks


Accepted Solutions
L3 Networker

We've already figured out the problem. In Azure we have a GW configured as active/active with 2 IPs. On our side we have 2 APs configured in active/passive, but with 2 public IPs from 2 different operators.

 

Operator 1 -tunnel - IP1 Azure
Operator 2 -tunnel - IP2 Azure.

 

It turns out that Azure tries to connect IP2 with Operator 1 and IP1 with Operator 2. This is the normal operation of Azure.

Because I only have one virtual router, I cannot build these tunnels.

 

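As an added example (not part of this thread and not PAN-OS code), here is a Python check that parses ikemgr.log lines in the format quoted in the question and compares each local/remote address pair against the configured IKE gateways. It separates the "cross-pair" events the accepted solution describes (a known Azure gateway address initiating to the other ISP interface, which has no gateway object for it) from "foreign" ones (an address not configured anywhere, which deserves a separate look because IKE_SA_INIT is unauthenticated and any host on the Internet can send one to UDP/500), and lists the gateway pairs that would be needed for a full mesh. The sample log lines, the RFC 5737 documentation addresses and the gateway names are constructed for illustration; the real addresses in the thread are masked.

```python
import re

# Constructed sample lines in the ikemgr.log format shown in the question.
# Addresses are documentation ranges (RFC 5737), not the poster's real IPs.
SAMPLE_LOG = """\
2020-01-09 14:13:07.113 +0100 [PWRN]: 198.51.100.10[500] - 203.0.113.20[500]:0x10343ab0 unknown ikev2 peer
2020-01-09 14:13:08.099 +0100 [PWRN]: 198.51.100.20[500] - 203.0.113.10[500]:0x10345950 unknown ikev2 peer
2020-01-09 14:13:10.500 +0100 [PWRN]: 198.51.100.10[500] - 192.0.2.77[500]:0x10345a10 unknown ikev2 peer
2020-01-09 14:13:11.002 +0100 [INFO]: 198.51.100.10[500] - 203.0.113.10[500]:0x10343ab0 some other event
"""

# Hypothetical IKE gateway table: name -> (local interface address, Azure peer address).
# Mirrors the poster's layout: operator 1 talks to Azure IP1, operator 2 to Azure IP2.
CONFIGURED_GATEWAYS = {
    "azure-gw1-op1": ("198.51.100.10", "203.0.113.10"),
    "azure-gw1-op2": ("198.51.100.20", "203.0.113.20"),
}

# timestamp, level, local[port] - remote[port], optional :0x<cookie>, message
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<level>\w+)\]: "
    r"(?P<local>[\d.]+)\[(?P<lport>\d+)\] - (?P<remote>[\d.]+)\[(?P<rport>\d+)\]"
    r"(?::0x[0-9a-fA-F]+)?\s*(?P<msg>.*)$"
)


def parse_ikemgr(text):
    """Parse ikemgr.log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def unknown_peer_pairs(text):
    """(local, remote) address pairs from 'unknown ikev2 peer' lines, in log order."""
    return [
        (e["local"], e["remote"])
        for e in parse_ikemgr(text)
        if e["msg"].strip() == "unknown ikev2 peer"
    ]


def classify_unknown_peers(text, gateways):
    """Map each unknown (local, remote) pair to a verdict.

    cross-pair: the remote is a configured Azure peer address, but it initiated
                to a local interface that has no gateway object for it. With an
                active-active Azure gateway both Azure IPs try both of our IPs.
    foreign:    the remote is not a configured peer at all (IKE_SA_INIT is
                unauthenticated, so anything on the Internet can trigger this).
    configured: should not occur; kept so a surprising log line is not hidden.
    """
    configured = set(gateways.values())
    known_peers = {peer for _, peer in configured}
    verdicts = {}
    for local, remote in unknown_peer_pairs(text):
        if (local, remote) in configured:
            verdicts[(local, remote)] = "configured"
        elif remote in known_peers:
            verdicts[(local, remote)] = "cross-pair"
        else:
            verdicts[(local, remote)] = "foreign"
    return verdicts


def full_mesh_gaps(gateways):
    """Gateway pairs still needed so every local IP has a gateway to every Azure IP."""
    configured = set(gateways.values())
    local_ips = {local for local, _ in configured}
    peer_ips = {peer for _, peer in configured}
    return sorted(
        (local, peer)
        for local in local_ips
        for peer in peer_ips
        if (local, peer) not in configured
    )


if __name__ == "__main__":
    for pair, verdict in classify_unknown_peers(SAMPLE_LOG, CONFIGURED_GATEWAYS).items():
        print(f"{pair[0]} <- {pair[1]}: {verdict}")
    print("gateways missing for a full mesh:", full_mesh_gaps(CONFIGURED_GATEWAYS))
```

On the constructed input the two Azure-sourced lines classify as cross-pair and the 192.0.2.77 line as foreign, and the mesh check reports the two missing combinations (operator 1 to Azure IP2, operator 2 to Azure IP1). A cross-pair verdict is only as good as the peer table it is checked against, so keep that table in sync with the Azure gateway's public addresses; a foreign verdict on a production firewall should be treated as an unsolicited IKE probe rather than filed under the Azure explanation.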


All Replies
L3 Networker

[attached screenshots: photo2.png to photo8.png]

L0 Member

I have the same issue here, where IKE is connected but IPsec is not when connecting to Azure. I receive a lot of errors with "unknown ikev2 peer".

