Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About alexg_8
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About alexg_8
4 weeks ago
4Posts
3Likes
0Solutions
Sep 30, 2021Last Visited
User
Activity
User
Profile
Latest posts by alexg_8
| Subject | Views | Posted |
|---|---|---|
| 528 | 08-12-2021 05:21 AM | |
| 530 | 08-12-2021 05:18 AM | |
| 582 | 08-11-2021 07:05 AM | |
| 594 | 08-09-2021 10:38 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 Likes | 08-11-2021 07:05 AM | |
| 1 Like | 08-09-2021 10:38 AM |
User Badges
Community Statistics
| Member Since | 01-16-2018 02:01 PM |
| Date Last Visited | 4 weeks ago |
| Posts | 4 |
| Total Likes Received | 3 |
08-12-2021
05:21 AM
Ope. I forgot to include the part that started this whole thread. Once this was fixed, I did see the ' vendor id payload ignored' error messages disappear from our ikemgr.log.
... View more
08-12-2021
05:18 AM
Last update, and the ultimate resolution on our end. We tore down and deleted the S2S VPN gateway on the Azure VWAN side, as well as removed the problematic tunnels from the PA side. Once it was re-deployed, the new VPN gateway instances had new public IPs, so I setup all 8 of our tunnels (4 sites, 2 tunnels per) using the new peering IPs and it has been stable since. I know anyone who's already running production traffic out to Azure will need a couple hour maintenance window to do this, so it may not be the answer you were looking for, but we luckily hadn't migrated production traffic over it yet. Anyone who is facing this issue and may not have the time to do a complete re-deploy, I would urge you to have Azure/Microsoft run packet captures to see if there is a routing issue on the Azure side where packets for one instance are somehow arriving at the other instance. I never heard back from our engineer if he was able to find anything as we just proceeded with the re-deploy, but all signs were pointing to that. Hope this helps someone encountering issues with Azure VWAN!
... View more
08-11-2021
07:05 AM
2 Kudos
Sharing another update here. Microsoft support identified that the issue, currently, is that IKE traffic destined for Azure VPN gateway instance 0 is being received on instance 1. They insisted that the issue was with routing on our end, however they provided packet captures proving that the traffic had the destination public IP for instance 0, yet was being received by instance 1. We're leaning towards a Microsoft/Azure routing issue. More to come.
... View more
08-09-2021
10:38 AM
1 Kudo
We are having this issue with Azure VWAN S2S VPN gateway, specifically with instance 0 of the Azure VPN gateway (they run them in active/active pairing). Instance 1 has been working without issue. Rebooting our HA pair of 3050's, I can bring the VPN tunnel up, however that does not last and it will begin failing after a few hours. Weirdly, out of 4 sites we have with 3050's in HA pairing, only 2 of the sites are having issues with Azure VPN instance 0. PA software version 9.0.9 across all sites, managed with Panorama. Involving PA support now and I will report back if we find a resolution.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
4 weeks ago
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
