IPSEC VPN error: Received notify type authentication_failed

Created On 04/28/22 17:36 PM - Last Modified 12/07/22 22:31 PM


Symptom


  • The IPSec VPN tunnel is not getting established.
  • When the firewall is acting as the initiator, the error message "Received notify type authentication_failed" is seen in the system logs (show log system).
  • When the firewall is in passive mode, the error messages "authentication failed" and "ikev2 SA negotiation is failed likely due to pre-shared key mismatch" are seen in the system logs.

 


Environment


  • Palo Alto Firewall
  • Supported PAN-OS.
  • IPSec VPN


Cause


This is due to a mismatch in the pre-shared key value.

Firewall as Initiator:
[Image: Initiator]

Firewall as Responder:
[Image: Responder]
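
Why a key mismatch surfaces as authentication_failed, shown as an added example (not from the original article or from Palo Alto Networks): in IKEv2 pre-shared-key authentication (RFC 7296, section 2.15) the AUTH payload is derived from the key, so the responder's recomputation fails on any byte difference and it answers with an AUTHENTICATION_FAILED notify. HMAC-SHA256 as the PRF and the message, nonce, SK_pi and ID values are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

KEY_PAD = b"Key Pad for IKEv2"  # constant string from RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """PRF assumed to be HMAC-SHA256; the real PRF is negotiated in IKE_SA_INIT."""
    return hmac.new(key, data, hashlib.sha256).digest()


def psk_auth(psk: bytes, signed_octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)."""
    return prf(prf(psk, KEY_PAD), signed_octets)


def initiator_signed_octets(msg1: bytes, nonce_r: bytes, sk_pi: bytes, id_i: bytes) -> bytes:
    """InitiatorSignedOctets = RealMessage1 | NonceRData | prf(SK_pi, IDi')."""
    return msg1 + nonce_r + prf(sk_pi, id_i)


def responder_verdict(local_psk: bytes, received_auth: bytes, signed_octets: bytes) -> str:
    """Recompute AUTH with the locally configured key and compare in constant time."""
    expected = psk_auth(local_psk, signed_octets)
    if hmac.compare_digest(expected, received_auth):
        return "AUTH ok"
    return "AUTHENTICATION_FAILED"  # IKEv2 notify type 24, logged by the initiator


def simulate(initiator_psk: bytes, responder_psk: bytes) -> str:
    """Run one IKE_AUTH check with constructed stand-ins for the exchange state."""
    msg1 = os.urandom(64)            # constructed: first IKE_SA_INIT message
    nonce_r = os.urandom(32)         # constructed: responder nonce
    sk_pi = os.urandom(32)           # constructed: derived key SK_pi
    id_i = b"constructed-IDi-payload"
    octets = initiator_signed_octets(msg1, nonce_r, sk_pi, id_i)
    auth = psk_auth(initiator_psk, octets)
    return responder_verdict(responder_psk, auth, octets)


if __name__ == "__main__":
    print(simulate(b"Example-PSK-1", b"Example-PSK-1"))    # identical keys
    print(simulate(b"Example-PSK-1", b"Example-PSK-2"))    # different keys
    print(simulate(b"Example-PSK-1", b"Example-PSK-1 "))   # trailing space only
```

The comparison is over raw bytes, so a key that differs only by a trailing space or character case fails the same way as a completely different key.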
 


Resolution


Configure the same pre-shared key (Steps 4 and 5) on both sides of the tunnel.

Additional Information


Note: If the VPN peer is also a Palo Alto device, the system log on the responder clearly shows the message that the negotiation failed, likely due to a pre-shared key mismatch.

Set-up-An-IPSEC tunnel (Doc)
How to Configure IPSEC VPN (Knowledge article)

