Site to Site VPN not coming up with error "<VPN name> not found in selector idmap"

Site to Site VPN not coming up with error "<VPN name> not found in selector idmap"

22396
Created On 12/31/20 14:48 PM - Last Modified 03/16/21 18:50 PM


Symptom


  • Site to Site VPN not coming up
  • We see the following error: "<VPN name> not found in selector idmap" in ikemgr.log file.

Environment


  • Any PAN-OS 
  • Site to Site VPN 
  • PA-3020, PA-3220, PA-5260

Cause


This issue is caused because the configuration is not getting pushed correctly from the Management plane to the Data plane.

Resolution


  1. Disable the IKE gateway and IPSec tunnel 
  2. Commit the configuration
  3. Enable the IKE gateway and IPSec tunnel
  4. Commit the configuration again
  5. Send interesting traffic through the tunnel and check if it comes up 

Additional Information


See also this additional documentation.​​​​​​
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HC8DCAW&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language