
Jorge Arredondo Dorantes CCIE

Palo Alto Networks on premise VPN Microsoft Azure issue solved

If you are trying to set up an on-premises VPN using Palo Alto Networks with a PAN-OS version prior to 7.1.4, you will experience connectivity issues to Azure route-based VPN gateways.
After working with Azure Support, I got this working configuration. This will be your workaround in case you have a version older than 7.1.4.

Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)
Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 28800 seconds
Gateway:
Passive Mode: Enabled
NAT Traversal: Disabled

If you have a newer version than 7.1.4, use:

Phase 1:
Encryption: aes-256-cbc, 3des
Authentication: sha1, sha256
DH Group: group2
Lifetime: 11000 seconds
IKEv2 Authentication Multiple: 3 (new setting, was set at 0 which means disabled)
Phase 2:
Encryption: aes256-cbc
Authentication: sha1
DH Group: no-pfs
Lifetime: 3600 seconds
Gateway:
Passive Mode: Disabled
NAT Traversal: Disabled


If you are still experiencing connectivity issues, open a support request from the Azure portal and they will help you.
