
How to determine the correct value to put in the PAN IKE peer KEYID field?

Created On 09/25/18 18:00 PM - Last Modified 02/01/25 00:50 AM


Procedure


When configuring a Cisco ASA key-id field, how do you determine the correct value to put in the PAN IKE peer KEYID field?

 

The Cisco ASA accepts any ASCII string as the key-id. This ASCII key-id must be converted to hexadecimal before it is entered in the PAN's dynamic IKE Peer KEYID field.

 

For example:

  • Cisco ASA isakmp key-id: foobar
  • PAN dynamic peer KEYID: 666f6f626172

 

Capture the traffic from the dynamic peer as it arrives at the PAN (debug ike pcap on; debug ike pcap off; scp export debug-pcap from ikemgr.pcap) and examine it in Wireshark. The hex and ASCII values are listed in the first IKE packet from the dynamic peer.

 

Hex to ASCII converter tool:

http://www.dolcevie.com/js/converter.html

 

Sonicwall, Juniper and Netscreen use ASCII for the key ID as well.
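
The conversion described above can also be done locally. The Python below is an added example, not part of the original article or of any Palo Alto Networks tooling, and its function names are hypothetical. It converts an ASCII key-id to the hex form for the KEYID field, decodes hex read from a capture, and rejects non-printable characters (such as a pasted trailing newline) that would silently change the hex value.

```python
import re


def keyid_to_hex(key_id: str) -> str:
    """ASCII key-id as configured on the peer -> hex for the PAN KEYID field."""
    if not key_id:
        raise ValueError("key-id is empty")
    for pos, ch in enumerate(key_id):
        # Accept printable ASCII only (0x20-0x7e). A pasted newline or tab
        # would add bytes, and the two sides would no longer match.
        if not 0x20 <= ord(ch) <= 0x7E:
            raise ValueError(
                f"non-printable or non-ASCII character {ch!r} at position {pos}"
            )
    return key_id.encode("ascii").hex()


def normalize_hex(hex_value: str) -> str:
    """Strip spaces and colon separators from copied hex and lower-case it."""
    cleaned = re.sub(r"[\s:]", "", hex_value).lower()
    bytes.fromhex(cleaned)  # raises ValueError on odd length or non-hex digits
    return cleaned


def hex_to_keyid(hex_value: str) -> str:
    """Hex bytes as read from the capture -> ASCII string."""
    # decode() raises UnicodeDecodeError (a ValueError) for bytes above 0x7f
    return bytes.fromhex(normalize_hex(hex_value)).decode("ascii")


def keyid_matches(peer_key_id: str, captured_hex: str) -> bool:
    """True if the peer's ASCII key-id equals the hex seen in the capture."""
    return keyid_to_hex(peer_key_id) == normalize_hex(captured_hex)


if __name__ == "__main__":
    # Values from the article's example.
    print(keyid_to_hex("foobar"))
    print(hex_to_keyid("66:6f:6f:62:61:72"))
    # Constructed sample: capture shows an extra 0x0a byte after the key-id.
    print(keyid_matches("foobar", "666f6f6261720a"))
```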

 

owner: panagent


