Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jdoe1979
Contributor

IPSec from Palo Alto firewall to Harmony Connect

Is there a guide to connect Palo Alto device as branch to Harmony Connect?

I got one configured yet it won't connect despite following the instructions provided by Harmony Connect

 
Blade: VPN
Action: Reject
 
More Status:
Main Mode Failed to match proposal: Transform: AES-256, SHA1, Pre-shared secret, Group 2 (1024 bit); Reason: Wrong value for: Key Length
Reject Category:
IKE failure
 
On Palo end it fails with 
'IKE phase-1 negotiation is failed as initiator, main mode. Failed SA: x.x.x.x[500]-x.x.x.x[500] cookie:7850fef71849de60:0000000000000000. Due to timeout.
 

 

0 Kudos
2 Replies
the_rock
Legend
Legend

Message clearly indicated phase 1 IKE failure. Did you confirm all settings match? What guide did you follow?

Andy

0 Kudos
jdoe1979
Contributor

There's no guide from Harmony Connect for Palo Alto NGFW. I used the parameters from UI to configure ike/ipsec options.

0 Kudos
Upcoming Events

    CheckMates Events