04-05-2012 06:39 AM
Hello,
I am trying to migrate a VPN between a PIX and a Palo Alto.
When I try to generate traffic, I can see the following error:
IKE phase-1 negotiation is failed. When pre-shared key is used, peer-ID must be type IP address. Received type FQDN
I understand that my PIX needs to have an FQDN configured on the Palo Alto in the field -> IKE-GATEWAY
Peer identification -> fqdn (hostname)
But this is strange, because the same configuration between PIX and Checkpoint works fine without adding an FQDN on Checkpoint. Is it possible on Palo Alto to ignore the FQDN like Checkpoint?
Thanks for your help
04-05-2012 07:54 AM
Hi alle,
Checkpoint is not really choosy about building VPNs with others. I suppose Checkpoint tries to identify with the peer name, and will build the tunnel without this identification if that doesn't work.
We have several VPNs with foreign PIXes, but all with "identification none".
greetings
Manfred
04-05-2012 08:42 AM
Hi mhuels,
Have you already created a VPN between PIX and Palo Alto? Does it work fine?
04-05-2012 08:44 AM
alle wrote:
Hi mhuels,
Have you already created a VPN between PIX and Palo Alto? Does it work fine?
Yes, we do so. No problems.
Regards
Manfred
04-06-2012 05:13 AM
Hello,
The problem is solved. The PIX uses isakmp identity hostname.
Checkpoint does not check this parameter. If you want to use an IP address with PSK between PIX and Palo Alto,
you must use the parameter isakmp identity ip-address on the PIX.
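The ID type behind the "Received type FQDN" message in this thread, as an added example that is not part of any post above and is not Palo Alto or Cisco code: a decoder for the IKEv1 Identification payload (layout from RFC 2408, ID types from RFC 2407) with the check the log message describes. It assumes the payload bytes are already decrypted; the hostname `pix.example.com`, the address `192.0.2.10` and all function names are constructed for illustration.

```python
import ipaddress
import struct

# ID Type values from the IPsec DOI (RFC 2407, section 4.6.2.1).
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 11: "ID_KEY_ID"}
IP_TYPES = {"ID_IPV4_ADDR": 4, "ID_IPV6_ADDR": 16}  # expected address length in bytes

def build_id_payload(id_type: int, data: bytes) -> bytes:
    """Build a constructed sample payload (protocol 17/UDP, port 500)."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(data), id_type, 17, 500) + data

def parse_id_payload(payload: bytes):
    """Decode a decrypted IKEv1 Identification payload into (type, value)."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte fixed header")
    # Generic payload header (next, reserved, length), then ID type, protocol, port.
    _nxt, _rsv, length, id_type, _proto, _port = struct.unpack("!BBHBBH", payload[:8])
    if not 8 <= length <= len(payload):
        raise ValueError("payload length field does not match the data")
    data = payload[8:length]
    name = ID_TYPES.get(id_type, f"UNKNOWN({id_type})")
    if name in IP_TYPES:
        if len(data) != IP_TYPES[name]:
            raise ValueError("address length does not match the ID type")
        return name, str(ipaddress.ip_address(data))
    if name in ("ID_FQDN", "ID_USER_FQDN"):
        return name, data.decode("ascii", errors="replace")
    return name, data.hex()

def check_psk_peer_id(payload: bytes, expected_ip: str):
    """Apply the rule from the log message: with PSK, the peer ID must be an IP."""
    name, value = parse_id_payload(payload)
    if name not in IP_TYPES:
        return False, f"peer-ID must be type IP address, received {name} ({value})"
    if ipaddress.ip_address(value) != ipaddress.ip_address(expected_ip):
        return False, f"peer-ID {value} does not match configured peer {expected_ip}"
    return True, f"peer-ID {value} accepted"

# Constructed samples: a peer identifying by hostname and the same peer by address.
FQDN_ID = build_id_payload(2, b"pix.example.com")
ADDR_ID = build_id_payload(1, ipaddress.ip_address("192.0.2.10").packed)

if __name__ == "__main__":
    for sample in (FQDN_ID, ADDR_ID):
        print(check_psk_peer_id(sample, "192.0.2.10"))
```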