When Configuring VPN IPSec Tunnel Between PA Firewall And Cisco, What Does Notification Type TS_UNACCEPTABLE In System Log Mean?

Created On 05/02/20 02:59 AM - Last Modified 02/10/25 19:38 PM


Question


When configuring an IPSec VPN tunnel between a PA Firewall and a Cisco device, why do both Phase 1 and Phase 2 stay down even though a session is created?

[Screenshot: session table]

The System Log shows notification type TS_UNACCEPTABLE.

[Screenshot: system log]



Environment


  • Palo Alto Firewall
  • Cisco Device
  • PAN-OS 8.1, 9.0, 9.1


Answer


  • If neither IPSec Phase 1 nor Phase 2 comes up, check whether the DH group is set to 14 or lower.
  • If IPSec Phase 1 comes up but Phase 2 does not, check whether the Proxy ID(s) match.
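
One way to carry out the Proxy ID check offline, as an added example that is not part of the original article or vendor tooling. It assumes the Cisco side defines its interesting traffic with numbered extended ACL lines of the form "permit ip <source> <wildcard> <destination> <wildcard>" and that the PA Proxy IDs use protocol "any"; all names, ACL numbers and addresses below are constructed.

```python
import ipaddress

# Constructed sample: PA Proxy IDs as name -> (local network, remote network).
PROXY_IDS = {
    "branch-a": ("10.1.1.0/24", "10.2.2.0/24"),
    "branch-b": ("10.1.1.0/24", "10.3.0.0/16"),
}
# Constructed sample: the Cisco peer's crypto ACL (source = Cisco's local side).
CISCO_ACL = [
    "access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255",
    "access-list 110 permit ip 10.3.0.0 0.0.255.255 10.1.0.0 0.0.255.255",
]

def wildcard_net(addr, wildcard):
    """Convert a Cisco address + wildcard mask (inverse netmask) to a network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # wildcard bits must form one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.IPv4Network((addr, 32 - wc.bit_length()))

def parse_crypto_acl(line):
    """Return (source, destination) networks from one 'permit ip' ACL line."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    return wildcard_net(tok[4], tok[5]), wildcard_net(tok[6], tok[7])

def compare_selectors(proxy_ids, acl_lines):
    """Return (Proxy ID names with no mirrored ACL line, ACL lines with no Proxy ID)."""
    # Mirror each ACL line: Cisco destination = PA local, Cisco source = PA remote.
    mirrored = {line: parse_crypto_acl(line)[::-1] for line in acl_lines}
    wanted = {name: (ipaddress.IPv4Network(loc), ipaddress.IPv4Network(rem))
              for name, (loc, rem) in proxy_ids.items()}
    pa_only = [n for n, sel in wanted.items() if sel not in mirrored.values()]
    cisco_only = [l for l, sel in mirrored.items() if sel not in wanted.values()]
    return pa_only, cisco_only

if __name__ == "__main__":
    pa_only, cisco_only = compare_selectors(PROXY_IDS, CISCO_ACL)
    for name in pa_only:
        print(f"Proxy ID {name!r} has no mirrored entry on the Cisco side")
    for line in cisco_only:
        print(f"Cisco ACL line has no matching Proxy ID: {line}")
```

In the sample, "branch-b" is reported because the Cisco ACL uses 10.1.0.0/16 where the Proxy ID's local network is 10.1.1.0/24; the two sides must be exact mirrors, not overlapping ranges.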

