Commit failure due to client ikemgr reported error when configuring new VPN tunnel

Commit failure due to client ikemgr reported error when configuring new VPN tunnel

29986
Created On 05/29/20 21:15 PM - Last Modified 03/11/25 09:53 AM


Symptom


  • Commit fails when trying to use a new IKE crypto while configuring a new VPN tunnel
  • The error message ask to use a IKE crypto from VPN-2 while configuring a new VPN-1 tunnel configuration

Environment


  • IPSec VPN with gateway with passive mode
  • Peer configured as dynamic IP

Resolution


All IKE gateways configured on the same interface or local IP address must use the same crypto profile when the remote IP type is configured as 'dynamic'.
This is as per design. 

Additional Information



ms.log output 
  
client ikemgr reported error: IKEv2 gateway Alpha-GW should use the same IKE crypto profile as VPN1-GW (IKEv2: Alpha-IKE).(Module: ikemgr)
client ikemgr reported error: IKEv2 gateway VPN1-GW should use the same IKE crypto profile as Alpha-GW (IKEv2: VPN1-IKE).(Module: ikemgr)
client ikemgr reported Phase 1 FAILED


Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008UErCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language