Wednesday, May 22, 2019

Tunnel From Cisco ASAv to Palo Alto

Hi guys, I've got an ASAv sitting in Azure. Let's say it has an "outside" interface with an IP address of 192.168.1.1 for the Azure network.

In Azure, a static Public IP Address is assigned to that interface. We'll call it 10.10.10.2 (yes this is a private range, just an example).

When IKEv1 tries to negotiate Phase 1, it fails with: "IKE phase-1 negotiation is failed. Peer's ID payload 192.168.1.1 (type ipaddr) does not match a configured IKE gateway."

Now obviously, my IKE gateway is specifying the public Azure IP address of the ASAv... but when it gets the packet from the ASAv, the payload says 192.168.1.1 because that's what the ASA thinks its own IP address is.

I've got many tunnels to physical ASAs that don't seem to have this problem. I've been researching for a couple hours, but don't understand how I can resolve this, or why it doesn't happen on the other ASAs.

I'm a server guy by trade, so maybe I'm missing something obvious here?
