Found when connecting to a PA that I had to issue the “isakmp identity address” command to get Phase 1 to complete. Once applied, the tunnel came up and has been solid. The resolution was to run the command “isakmp identity address” on the ASA, which has the ASA send the IP address of the device. Basically said the PA does not respond to FQDN and will not form a tunnel with such a device. Cisco ASA 5505 8.2(3) IPSEC tunnel - posted in Networking: have 2 sites, IPSEC tunnel will come up but no traffic will come across. The PA admin saw the message and found a link on the PA website. Error MSG6 kept coming back (relates to password authentication/mismatch). Configured my tunnel and started testing. I have multiple L2L tunnels set up with varying devices (Cisco/non-Cisco). One factor I found in setting up an L2L tunnel between a Cisco ASA and the Palo Alto is that the Palo Alto does not accept FQDN (which the ASA sends by default, I found out later).