01-09-2020 05:27 AM
Hi,
I have several Azure sites with an active-active gateway and 2 different IPs.
I have a Palo Alto PA-820 with 8.1.12 firmware, 2 interfaces with 2 different communication providers and different public IPs.
These make up IKEv2 tunnels, BGP and peers.
Scheme:
pa-820-Supplier1-IP1---- IP1-AzureGW1
pa-820-Supplier2-IP2----IP2-AzureGW1
In Azure I have configured a vnet (x.x.0.0/16) and in this vnet I have 2 subnets (gateway x.x.255.224/27 and servers x.x.60.0/24)
I create in the tunnel the corresponding proxy-id:
subnet_local1 x.x.255.224/27
subnet_local2 x.x.255.224/27
...
subnet_local1 x.x.60.0/24
subnet_local2 x.x.60.0/24
...
This error appears repeatedly in the system log:
eventid: ike-generic-event
description: 'unknown ikev2 peer'
subtype: vpn
severity: informational
If I execute the command "tail follow yes mp-log ikemgr.log" it shows:
2020-01-09 14:13:07.113 +0100 [PWRN]: x.x.x.x[500] - z.z.z.z[500]:0x10343ab0 unknown ikev2 peer
2020-01-09 14:13:08.099 +0100 [PWRN]: x.x.x.x[500] - t.t.t.t[500]:0x10345950 unknown ikev2 peer
The tunnel is working, but I don't know why it reports this error.
Can you help me?
thanks
02-05-2020 01:30 AM
We've already figured out the problem. In Azure we have a GW configured as active/active with 2 IPs. On our side we have 2 APs configured in active/passive, but with 2 public IPs from 2 different operators.
Operator 1 -tunnel - IP1 Azure
Operator 2 -tunnel - IP2 Azure.
It turns out that Azure tries to connect IP2 with Operator1 and IP1 with Operator2. This is the normal operation of Azure.
Because I only have a single virtual router, I cannot build these tunnels.
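The cross-pairing described in this answer can be read straight out of the ikemgr.log lines from the first post: each "unknown ikev2 peer" event names the local interface address and the remote address that tried to start an IKE exchange with it. The script below is an added example for this thread, not a Palo Alto tool and not code from any poster. It parses lines in the ikemgr.log format shown above (the sample lines are constructed, with RFC 5737 / RFC 2544 placeholder addresses standing in for the masked x.x.x.x values), compares each event against the IKE gateways assumed to be configured (local IP to Azure instance IP), and classifies the event as the active-active cross-pair this answer explains, as a pair that is configured (which points at an IKE ID or proposal mismatch instead), or as an address that is not an Azure gateway at all.

```python
import re
from collections import Counter

# Assumed topology (placeholder addresses, not real infrastructure):
# two on-prem interfaces via two ISPs, one Azure active-active gateway
# with two instance IPs.
LOCAL_IPS = {"203.0.113.10": "Supplier1", "198.51.100.20": "Supplier2"}
AZURE_GW_IPS = {"192.0.2.1": "AzureGW instance 1", "192.0.2.2": "AzureGW instance 2"}
# IKE gateways assumed to exist on the firewall: local IP -> configured peer IP.
CONFIGURED_PEERS = {"203.0.113.10": "192.0.2.1", "198.51.100.20": "192.0.2.2"}

# Constructed sample in the ikemgr.log format quoted in the thread.
SAMPLE_LOG = """\
2020-01-09 14:13:07.113 +0100 [PWRN]: 203.0.113.10[500] - 192.0.2.2[500]:0x10343ab0 unknown ikev2 peer
2020-01-09 14:13:08.099 +0100 [PWRN]: 198.51.100.20[500] - 192.0.2.1[500]:0x10345950 unknown ikev2 peer
2020-01-09 14:13:09.250 +0100 [PWRN]: 203.0.113.10[500] - 192.0.2.2[500]:0x10343ab1 unknown ikev2 peer
2020-01-09 14:13:10.001 +0100 [PWRN]: 203.0.113.10[500] - 198.18.0.5[500]:0x10345955 unknown ikev2 peer
"""

# "<date> <time> <tz> [LEVEL]: local[port] - remote[port]:0xcookie message"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<lvl>\w+)\]: "
    r"(?P<local>[\d.]+)\[(?P<lport>\d+)\] - (?P<remote>[\d.]+)\[(?P<rport>\d+)\]:"
    r"(?P<cookie>0x[0-9a-f]+) (?P<msg>.*)$"
)


def classify(local, remote):
    """Classify one unknown-peer event by who tried to talk to which interface.

    configured : the pair matches an IKE gateway, so the complaint is not about
                 the address; look at IKE IDs / proposals instead.
    cross_pair : the remote is an Azure gateway instance, but it reached the
                 local interface whose gateway is configured for the other
                 instance. This is the active-active behaviour in the answer.
    foreign    : the remote is not an Azure gateway IP at all; unsolicited IKE
                 from an unexpected source.
    """
    if CONFIGURED_PEERS.get(local) == remote:
        return "configured"
    if remote in AZURE_GW_IPS:
        return "cross_pair"
    return "foreign"


def analyse(log_text):
    """Count unknown-peer events per (local, remote, classification)."""
    findings = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "unknown ikev2 peer" not in m["msg"]:
            continue
        findings[(m["local"], m["remote"], classify(m["local"], m["remote"]))] += 1
    return findings


def report(findings):
    """Human-readable lines, one per distinct (local, remote, class)."""
    out = []
    for (local, remote, cls), n in sorted(findings.items()):
        lname = LOCAL_IPS.get(local, "?")
        rname = AZURE_GW_IPS.get(remote, "not an Azure GW IP")
        out.append(f"{n:3d}x {local} ({lname}) <- {remote} ({rname}): {cls}")
    return out


def missing_gateways(findings):
    """(local, remote) pairs the active-active gateway initiates to, for which
    no IKE gateway exists on the firewall."""
    return sorted({(l, r) for (l, r, c) in findings if c == "cross_pair"})


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    print("\n".join(report(found)))
    print("IKE gateways missing for:", missing_gateways(found))
```

Events in the `cross_pair` class are the ones this answer accounts for: Azure instance 2 initiating towards the Supplier1 interface and instance 1 towards Supplier2, neither of which has a matching IKE gateway. Anything in the `foreign` class is a different matter; the same informational event is logged for any IKE_SA_INIT that arrives from an address with no configured gateway, so a steady stream from addresses outside the expected peer set is worth a look rather than being written off as the Azure quirk.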
01-13-2020 05:58 PM
I have the same issue here, where IKE is connected but IPsec is not when connecting to Azure. I received a lot of errors with "unknown ikev2 peer".