for a special reason I need to setup a dedicated VPN Gateway for the built in iOS/OS X VPN client. Before I start to setup a Linux System for that I would like to find out if it's possible with PaloAlto or not. In the past there was a X-Auth possibility and I also found documents for PAN-OS 4.x but it looks like these possiblities are no longer available in PAN OS 7.
Do you know if it's possible to reach my goal with the PaloAlto Firewall?
Solved! Go to Solution.
Yes it is possbile follow the same steps. If you have upgraded the firewall and then it stopped working then please delete the gateway and reconfigure with same setting it will work.
You are right, there is still the XAuth configuration, sorry.
Anyway, I am not able to get it up and running....
If I understand it right I just need to create a GlobalProtect Gateway configuration like for the GlobalProtect Clients too. The only only difference is that I need to enable X-Auth Support, set a group Name and a Group password.
On the OS X Client I simply create a new VPN connection and fill out the configured parameters on the GP Gateway, right?
I can see the application ike and ciscovpn in the traffic monitor on port 500 and I see the following error message in the system log
IKE phase-1 negotiation is failed. Couldn\'t find configuration for IKE phase-1 request for peer IP X.X.X.X, ID keyid:63656e73686172652d6164.'
so it looks like the firewall is thinking that the client would like to create a Site2Site VPN..
I have PANOS 7.1.1 on PA500. I configured VPN client IPsec with X-Auth and I try to connect by Apple IOS device with native IPsec, but the system monitor show an error: "IKE phase-1 negotiation is failed. no suitable proposal found in peer\'s SA payload". I remember that in PANOS 6.x with default crypto IPsec policy, the IPsec tunnel from Apple IOS device worked well.
Any suggestion ? Thanks.
Thanks for your reply.
I will update the Firewall to 7.1.1 on the weekend. In case that I am still not able to get everything up and running would it be possible that you send me some example screenshots of your configuration?
Thanks in advance
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!