Both RAVPN and S2S VPN between the same pair of gateways

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

I have one unusual scenario where two gateways, lets say GW A and GW B, have established S2S VPN tunnel, but still I have a requirement from some customers located behind GW A to have RAVPN connectivity to some servers located behind GW B. S2S VPN is running smoothly, but RAVPN could not be established. I tried to exlude HTTPS and IKE services from the S2S VPN community, but without any success. I checked the logs where I see GW B is rejecting the phase 1 from RAVPN saying:

Main Mode Failed to match proposal: Transform: AES-256, SHA1, Pre-shared secret, Group 2 (1024 bit); Reason: Wrong value for: Authentication Method

RAVPN is using different proposal than S2S and it seems that GW B cannot differentiate between IKE messages generated by GW A and between IKE generated by side-A customers since they are coming from the same public IP address.

I know this is quite unusual to have such scenario, but I am wondering is there some kind ow workaround have to handle such a situation?