unknown ikev2 peer - PA1420 running PAN-OS 11.0.1-h1


L2 Linker

So, I have this type of error in my logs and I really don't know how to tackle them.

No other info, for example which peer generates this event, like I used to get on an older PA device also running an older PAN-OS version.

 

[Screenshot: Manu_P_0-1698843190615.png]

 

 

Any ideas?

Accepted Solutions

Cyber Elite

You will get rid of noise coming from the internet by permitting incoming VPN only from your peer IPs.

To figure out what IP is trying to connect, you need to look into the ikemgr.log log using the commands below:

less mp-log ikemgr.log

tail follow yes mp-log ikemgr.log (updates log output in real time)

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011


Thanks, that did it (not doing much IKE troubleshooting, so I forgot about that log).

Still, I wish PAN-OS displayed that info in the system monitor logs.

Anyway, you said this:

"You will get rid of noise coming from internet by permitting incoming VPN only from your peer IPs"

How? I did not set an explicit rule to allow incoming VPN - I assumed the firewall did that behind the scenes.

Or do you mean to set up an explicit deny-all incoming IKE rule, with an exception for an address group containing all my ike-gateways-ip-addresses?

 

 

You can add a security policy:

Source zone - WAN

Destination zone - WAN

Source IP - Your and your peer IPs that terminate IPSec

Destination IP - Your and your peer IPs that terminate IPSec

Application - ipsec

And at the end of the ruleset, a "block any" rule.

IPSec works because of the "intrazone-default" rule permitting same-zone traffic.

Be careful when you add the "block any" rule because you might have other traffic relying on this intrazone-default rule.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
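
Added example (not code from the thread or from Palo Alto Networks): a Python script for triaging an exported copy of ikemgr.log offline, tallying the source addresses behind "unknown ikev2 peer" events that are not on the peer allowlist the security policy above would use. Assumptions: addresses appear as dotted IPv4 text, a marker line without an address belongs to the nearest preceding line that has one, and the function names, `lookback` parameter and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
MARKER = "unknown ikev2 peer"   # message text from the thread title

def addresses(line):
    """Return the valid IPv4 addresses found anywhere in a log line."""
    found = []
    for text in IPV4.findall(line):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:      # four dotted numbers that are not an address
            continue
    return found

def unknown_ike_sources(lines, local_ips, known_peers, lookback=3):
    """Count non-allowlisted addresses tied to 'unknown ikev2 peer' events.
    A marker line with no address falls back to the closest of the previous
    `lookback` lines that has one (an assumption about the log layout)."""
    local = {ipaddress.ip_address(ip) for ip in local_ips}
    allowed = [ipaddress.ip_network(p, strict=False) for p in known_peers]
    counts = Counter()
    recent = []                 # address lists of the preceding lines
    for line in lines:
        addrs = addresses(line)
        if MARKER in line.lower():
            candidates = addrs or next((a for a in reversed(recent) if a), [])
            for ip in set(candidates) - local:      # drop the firewall's own IPs
                if not any(ip in net for net in allowed):
                    counts[str(ip)] += 1
        recent = (recent + [addrs])[-lookback:]
    return counts

# Constructed sample lines; the real ikemgr.log layout may differ.
SAMPLE = """\
2023-11-01 10:00:01 [INFO]: received IKE request 198.51.100.23[500] to 203.0.113.10[500]
2023-11-01 10:00:01 [PERR]: unknown ikev2 peer
2023-11-01 10:00:07 [INFO]: IKE SA established 192.0.2.44[500] - 203.0.113.10[500]
2023-11-01 10:00:09 [PERR]: unknown ikev2 peer 198.51.100.23[4500] to 203.0.113.10[4500]
2023-11-01 10:00:15 [PERR]: unknown ikev2 peer 192.0.2.99[500] to 203.0.113.10[500]
""".splitlines()

if __name__ == "__main__":
    hits = unknown_ike_sources(SAMPLE, ["203.0.113.10"], ["192.0.2.44/32"])
    for ip, n in hits.most_common():
        print(f"{n:4d}  {ip}")
```

Pass the firewall's own tunnel-terminating addresses as `local_ips` and the configured IKE gateway peers (single addresses or CIDR ranges) as `known_peers`; whatever remains in the tally is traffic the allow rule would no longer admit.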