Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
HiPlatformMy end : Cisco ASR1001Far end : Palo AltoI am trying to establish GRE over IPSEC tunnel with a customer using Palo Alto which fails when Palo Alto tries to initiate (role initiator) and Asr1001 is the responder. When the roles are switched...
Platform:ASR1000Ver: 17.3.4aSymptom: Similar to bug reported under CSCvh18158 -- no policy/proposal is matched though its specifically configured for peer and multiple ikev2 SA active sessions are established with status Up-idleError:Jun 29 19:32:08....
Hiwe have multiple customers with Policy based vpn sessions running in combination with Route based vpns but never had any issues.I also tested in the lab with policy based, VTI and GREoIPSEC ASR1K peers all comes up straight awayinbound esp sas:spi:...
HiThank you for the efforts and prompt feedback.I also tested it in the lab(eveng) but unable to replicate this issue. When I changed the GREoIPSEC to VTI (on the same config) the tunnel came up but tunnel interface ips were not reachable, the only ...
crypto ikev2 proposal Paradencryption aes-gcm-128prf sha256group 14crypto ikev2 policy POLICY1proposal PROPOSAL1proposal Paradproposalproposalkeyring local Parad <- this must without any fvrfAs per debug, psk is shared and authentication is successfu...
