Hello networkers. If you are trying to set up an on-premises VPN using a Palo Alto Networks firewall running a PAN-OS version prior to 7.1.4, you will experience connectivity issues with Azure route-based VPN gateways.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1keBTL4AKD-3_XjcsxHxfUno35yZeN24Hl0dz5PPwMUsppCyo24toH1ab3HpCT8Sg4SrHJuVxMPa8fMHOusA8lHV5YYsn88s8u-bFLLele4VxYqLh454oEiTTX-CypFRI2RYr7s5OrSQ/s1600/PAN_Logo.png)
After working with Azure Support, I got this working configuration. This will be your workaround in case you have a version older than 7.1.4:
Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)
Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 28800 seconds
Gateway:
Passive Mode: Enabled
NAT Traversal: Disabled
If you have a version newer than 7.1.4, use:
Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)
Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 3600 seconds
Gateway:
Passive Mode: Disabled
NAT Traversal: Disabled
If you are still experiencing connectivity issues, open a support request from the Azure portal and they will help you.