IPSec VPN with Peer ID Set to FQDN
Palo Alto Networks firewalls will only accept an FQDN peer ID when the tunnel mode is set to aggressive. If the tunnel is configured for main mode with an FQDN peer ID setup, the following error message will be displayed:
IKE phase-1 negotiation failed. When pre-shared key is used, peer-ID must be type IP address. Received type FQDN.