This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PANOS 10.2.8 NOT recommended: S2S VPN IKEv1, IKEv2 Prefered does not work anymore

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PANOS 10.2.8 NOT recommended: S2S VPN IKEv1, IKEv2 Prefered does not work anymore

FabioHufschmid
L0 Member

‎03-19-2024 11:01 PM

Hi Everybody,

 

We updated from 10.2.7 to 10.2.8 and had a lot of troubles with our Site-2-Site IKEv1, IKEv2 Prefered gateway connections. I'm not sure if the IKE Version is the root problem, but that was the pattern that was visible in the short time for this change.

Phase 1 came not up, initiated in both directions.

 

There are the msg in the logs:

 

Us-2-endpoint: 'IKE phase-1 negotiation is failed as responder, main mode. Failed SA:

Endpoint-2-us: the logs said always "Connection Timeout".

 

Sophos, FritzBox and Azure were the other endpoints, we were not able to etablish phase 1. After Downgrading to 10.2.7 everything worked, also with 10.2.7-h3 is everything working.

 

We did not seen in the traffic monitor any traffic for the phase1, although we otherwise saw this connection traffic in an intrazone (Untrust-2-Untrust) rule. With PANOS 10.2.7 and H3 it was visible again

 

Also without Zone Protection, the connection came not up, it was like something was blocking the connection, without generating logs.

 

I didn't find something in the release notes that point to this issue. Somebody else with this experience?

 

 

 

Happy firewalling

2 REPLIES 2

MILAVITSA
L0 Member

‎04-17-2024 03:03 AM

There are two NAT rules (destination-translation) for the Exchange2019 mail server, starting from version 1.2.8 they stopped working. They work for some time, then they are blocked, there is no information in the logs.

In version 1.2.9 the same thing.

0 Likes Likes

JayGolf
Community Team Member

‎04-23-2024 07:03 PM - edited ‎04-23-2024 07:04 PM

Thanks for providing valuable insight @FabioHufschmid ! If you ever have the time, please open up a support ticket and share details of your findings. 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes
  • 1460 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks