05-09-2016 12:02 AM
Hi there,
for a special reason I need to set up a dedicated VPN gateway for the built-in iOS/OS X VPN client. Before I start to set up a Linux system for that, I would like to find out if it's possible with PaloAlto or not. In the past there was an X-Auth possibility and I also found documents for PAN-OS 4.x, but it looks like these possibilities are no longer available in PAN-OS 7.
Do you know if it's possible to reach my goal with the PaloAlto Firewall?
Thanks,
Stephan
05-09-2016 12:18 AM
Didn't check on PAN-OS 7 but on PAN-OS 6 it was still working fine with X-auth. I doubt they would take it out on 7.
05-09-2016 05:46 AM
Yes, it is possible; follow the same steps. If you have upgraded the firewall and then it stopped working, please delete the gateway and reconfigure it with the same settings, and it will work.
05-12-2016 07:48 AM
You are right, there is still the XAuth configuration, sorry.
Anyway, I am not able to get it up and running....
If I understand it right, I just need to create a GlobalProtect Gateway configuration like for the GlobalProtect clients too. The only difference is that I need to enable X-Auth Support and set a group name and a group password.
On the OS X Client I simply create a new VPN connection and fill out the configured parameters on the GP Gateway, right?
05-12-2016 08:07 AM
I can see the applications ike and ciscovpn in the traffic monitor on port 500, and I see the following error message in the system log:
IKE phase-1 negotiation is failed. Couldn't find configuration for IKE phase-1 request for peer IP X.X.X.X[56335], ID keyid:63656e73686172652d6164.
So it looks like the firewall is thinking that the client would like to create a Site2Site VPN.
05-12-2016 08:51 AM
I have PANOS 7.1.1 on a PA500. I configured VPN client IPsec with X-Auth and I am trying to connect from an Apple iOS device with native IPsec, but the system monitor shows an error: "IKE phase-1 negotiation is failed. no suitable proposal found in peer's SA payload". I remember that in PANOS 6.x, with the default crypto IPsec policy, the IPsec tunnel from an Apple iOS device worked well.
Any suggestions? Thanks.
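For readers triaging the two system-log errors quoted in the posts above, here is an added example (not part of the thread and not Palo Alto code) that classifies each message and hex-decodes the `keyid` value. It assumes the `keyid` carries the group name the client sent as its IKE identity; the `configured_group` parameter and the result labels are hypothetical names chosen for this sketch.

```python
import re

# Constructed sample lines, modelled on the two messages quoted in the thread.
SAMPLE_LOG = [
    "IKE phase-1 negotiation is failed. Couldn't find configuration for IKE "
    "phase-1 request for peer IP X.X.X.X[56335], ID keyid:63656e73686172652d6164.",
    "IKE phase-1 negotiation is failed. no suitable proposal found in peer's SA payload",
]

KEYID_RE = re.compile(r"ID keyid:([0-9a-fA-F]+)")


def decode_keyid(hex_id):
    """Return the keyid bytes as text if they are printable ASCII, else None."""
    try:
        text = bytes.fromhex(hex_id).decode("ascii")
    except ValueError:  # odd-length hex, or bytes outside ASCII
        return None
    return text if text.isprintable() else None


def triage(line, configured_group):
    """Classify one phase-1 failure line.

    configured_group: the X-Auth group name set on the gateway (hypothetical
    parameter). Assumption: the client sends its group name as the keyid.
    """
    if "no suitable proposal found" in line:
        # Client and gateway share no common phase-1 crypto proposal.
        return ("proposal-mismatch", None)
    m = KEYID_RE.search(line)
    if m and "find configuration for IKE phase-1 request" in line:
        sent = decode_keyid(m.group(1))
        if sent is None:
            return ("unreadable-keyid", None)
        if sent == configured_group:
            # Names agree, so the gateway side is not accepting X-Auth peers.
            return ("group-matches-but-no-config", sent)
        return ("group-name-mismatch", sent)
    return ("unclassified", None)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry, configured_group="example-group"))
```
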
05-13-2016 01:55 AM
Don't know anything about this, but I saw this topic:
05-13-2016 02:57 AM
Hi,
I deleted the portal + gateway configuration that I had done with the PANOS 7.0 version and reconfigured them with the new PANOS version 7.1.1, and now the IPsec VPN works with iOS devices. I still have to test with a Linux client and the VPN-Cisco client.
LA
05-13-2016 06:00 AM
Thanks for your reply.
I will update the firewall to 7.1.1 on the weekend. In case I am still not able to get everything up and running, would it be possible for you to send me some example screenshots of your configuration?
Thanks in advance
05-17-2016 04:32 AM
Hi
it's perfectly working with 7.1.1 - thanks for the information.
sd

