'unknown ikev2 peer - Azure

Hi,

I have several Azure sites with an active-active gateway and 2 different IPs.
I have a Palo Alto PA-820 with 8.1.12 firmware, 2 interfaces with 2 different communication providers and different public IPs.
These form IKEv2 tunnels with BGP peers.

Scheme:

pa-820-Supplier1-IP1 ---- IP1-AzureGW1
pa-820-Supplier2-IP2 ---- IP2-AzureGW1

In Azure I have configured a VNet (x.x.0.0/16) and in this VNet I have 2 subnets (gateway x.x.255.224/27 and servers x.x.60.0/24).

I create the corresponding proxy-IDs in the tunnel:

subnet_local1 x.x.255.224/27
subnet_local2 x.x.255.224/27
...
subnet_local1 x.x.60.0/24
subnet_local2 x.x.60.0/24
...

This error appears repeatedly in the system log:

eventid: ike-generic-event
description: 'unknown ikev2 peer'
subtype: vpn
severity: informational

If I run the command "tail follow yes mp-log ikemgr.log" it shows:

2020-01-09 14:13:07.113 +0100 [PWRN]: x.x.x.x[500] - z.z.z.z[500]:0x10343ab0 unknown ikev2 peer
2020-01-09 14:13:08.099 +0100 [PWRN]: x.x.x.x[500] - t.t.t.t[500]:0x10345950 unknown ikev2 peer

The tunnel is working, but I don't know why it reports this error.

Can you help me?

Thanks
Accepted Solutions

We've already figured out the problem. We have in Azure a GW configured as active/active with 2 IPs. On our side we have 2 APs configured in active/passive but with 2 public IPs from 2 different operators.

Operator 1 - tunnel - IP1 Azure
Operator 2 - tunnel - IP2 Azure

It turns out that Azure tries to connect IP2 with Operator 1 and IP1 with Operator 2. This is the normal operation of Azure.

Because I only have a single virtual router, I cannot set up these tunnels.

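The accepted answer explains the warnings by Azure's active-active behaviour: each of the two Azure gateway IPs tries to negotiate with both of the firewall's public IPs, so the two cross pairs (IP2 to Operator 1, IP1 to Operator 2) reach an interface that has no IKE gateway configured for that peer and are logged as "unknown ikev2 peer". The script below is an added example, not code from the original post or from Palo Alto Networks. It parses ikemgr.log lines in the format quoted in the question and, given the IKE gateway pairs that are actually configured, separates the warnings that are fully explained by the active-active cross-connect from any that are not, which is what a defender wants to know before dismissing the log as noise. All IP addresses, the sample log lines and the gateway configuration are constructed placeholders; the log line layout is taken from the thread.

```python
import re
from collections import Counter
from itertools import product

# Constructed sample in the ikemgr.log layout quoted in the thread.
# 198.51.100.x stand in for the firewall's two public IPs (one per operator),
# 203.0.113.x for the two public IPs of the Azure active-active gateway,
# 192.0.2.9 for an address that is not part of either side (assumed, for the edge case).
SAMPLE_LOG = """\
2020-01-09 14:13:07.113 +0100 [PWRN]: 198.51.100.1[500] - 203.0.113.2[500]:0x10343ab0 unknown ikev2 peer
2020-01-09 14:13:08.099 +0100 [PWRN]: 198.51.100.2[500] - 203.0.113.1[500]:0x10345950 unknown ikev2 peer
2020-01-09 14:13:09.004 +0100 [INFO]: 198.51.100.1[500] - 203.0.113.1[500]:0x10345951 ikev2 child SA established
2020-01-09 14:13:12.201 +0100 [PWRN]: 198.51.100.1[500] - 203.0.113.2[500]:0x10343ab1 unknown ikev2 peer
2020-01-09 14:13:15.377 +0100 [PWRN]: 198.51.100.1[500] - 192.0.2.9[500]:0x10343ab2 unknown ikev2 peer
this line is not in the expected format and must be skipped
"""

# Assumed topology: two local public IPs, two Azure gateway IPs, and one
# IKE gateway configured per operator (Operator 1 <-> Azure IP1, Operator 2 <-> Azure IP2).
LOCAL_IPS = ("198.51.100.1", "198.51.100.2")
AZURE_IPS = ("203.0.113.1", "203.0.113.2")
CONFIGURED_GATEWAYS = {
    ("198.51.100.1", "203.0.113.1"),
    ("198.51.100.2", "203.0.113.2"),
}

# <date> <time> <tz> [<level>]: <local>[<port>] - <peer>[<port>]:<cookie> <message>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [+-]\d{4}) \[(?P<level>\w+)\]: "
    r"(?P<local>[\d.]+)\[\d+\] - (?P<peer>[\d.]+)\[\d+\]:0x[0-9a-fA-F]+ (?P<msg>.*)$"
)


def parse_unknown_peers(log_text):
    """Count (local_ip, peer_ip) pairs that produced 'unknown ikev2 peer'.

    Lines that do not match the layout, or carry a different message, are ignored.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("msg").strip() == "unknown ikev2 peer":
            hits[(m.group("local"), m.group("peer"))] += 1
    return hits


def expected_mesh(local_ips, azure_ips):
    """Every (local, azure) combination an active-active gateway will try to negotiate."""
    return set(product(local_ips, azure_ips))


def classify(hits, configured_gateways, local_ips, azure_ips):
    """Split observed unknown-peer pairs into those explained by the active-active
    cross-connect (an Azure IP arriving at the interface whose IKE gateway points
    at the other Azure IP) and everything else, which deserves investigation."""
    mesh = expected_mesh(local_ips, azure_ips)
    explained, unexplained = {}, {}
    for pair, count in hits.items():
        # A pair that is configured should never be reported as unknown; if it is,
        # the gateway config (peer address, interface, or virtual router) is wrong.
        if pair not in configured_gateways and pair in mesh:
            explained[pair] = count
        else:
            unexplained[pair] = count
    return explained, unexplained


def report(log_text=SAMPLE_LOG):
    """Run the whole check and return the two dictionaries for the caller."""
    hits = parse_unknown_peers(log_text)
    explained, unexplained = classify(hits, CONFIGURED_GATEWAYS, LOCAL_IPS, AZURE_IPS)
    for (local, peer), n in sorted(explained.items()):
        print(f"expected cross-connect: {peer} -> {local} ({n}x)")
    for (local, peer), n in sorted(unexplained.items()):
        print(f"NEEDS ATTENTION: {peer} -> {local} ({n}x)")
    return explained, unexplained


if __name__ == "__main__":
    report()
```

With the constructed sample the two cross pairs are reported as expected cross-connect traffic, while the line from 192.0.2.9 is flagged because that address belongs to neither Azure gateway IP; the same split applied to a real ikemgr.log tells you whether the warnings are purely the active-active behaviour described in the answer.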

3 REPLIES 3

I have the same issue here, where IKE is connected but IPsec is not when connecting to Azure. I receive a lot of errors with "unknown ikev2 peer".
