This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who Me Too'd this topic

IpSec Tunnel Phase2 Red But Ike Side Green

tsenturk
L0 Member

‎04-21-2022 07:01 AM - edited ‎04-21-2022 12:58 PM

Hi,

 

I have several TpLink Archer Mr400 4G Router. I setup Ipsec VPN tunnel between PA-220 and them many times. But new one is not success at Phase2.

 

Phase1 IKE is green so devices communicate. But Phase2 Tunnel Info is red and i can't see any tunnel when i click Tunnel Info. I have read the losg and find below things;

 

2022-04-19 16:50:25.878 +0300 [PNTF]: { 15: }: ====> PHASE-2 NEGOTIATION STARTED AS RESPONDER, (QUICK MODE) <====
====> Initiated SA: PaloAlto_Wan_Ip_here[500]-router_wan_ip_here[500] message id:0xBE906F60 <====
2022-04-19 16:50:25.879 +0300 [ERR ]: { 15: }: can't find matching selector
2022-04-19 16:50:25.879 +0300 [PERR]: { 15: }: failed to get sainfo.
2022-04-19 16:50:25.879 +0300 [ERR ]: failed to pre-process packet.

 

I double check both side PA220 and Tplink phase2 configuration and everyting is same.

 

TPlink Archer MR400 Phase2 Profile;

 

Tplink_ArcherMr400_phase2.PNG

 

PA220 IpSec Crypto Profile;

 

PA_Phase2_ipsecCrypto.PNG

 

IpSec Tunnel Status;

 

PA_Phase2.PNG

 

I am stuck at this point. Any help appreciated.

Thanks.

 

1 person had this problem.
0 Likes Likes
Who Me Too'd this topic
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks