Site-to-Site VPN cannot be established with IKEv2 on VSec for Azure / CloudGuard for Azure
Symptoms
  • Site-to-Site VPN cannot be established with IKEv2 on VSec for Azure / CloudGuard for Azure
  • vpnd.elg shows the following:
    [ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: disregarding interface with [IP address], which is a member interface
    [ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: disregarding interface with [IP address], which is a member interface
    [ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: disregarding interface with [IP address], which is a member interface
    [ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: disregarding interface with [IP address], which is a member interface
    [ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: found 0 interfaces (order 2545, ref count 1).
    [ 8217][11 Jan 13:16:31][ikev2] natTraversalHandler::createNatDetectSource: failed to get my interfaces ip addr.
    [ 8217][11 Jan 13:16:31][ikev2] Exchange::startPrepareMessage: error encountered. has notifications to send: 0
    [ 8217][11 Jan 13:16:31][ikev2] Message::~Message: entering
    [ 8217][11 Jan 13:16:31][ikev2] Exchange::setStatus: Changing status from: initial to: failure (final)..
    
  • No traffic is seen on port 500 or 4500 on the external interface.
Cause

There is an incompatibility between IKEv2 and vSec for Azure/CloudGuard for Azure.

As a result, a VIP for the cluster is not found. The VPN tunnel then goes down because the peers cannot exchange keys.
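The vpnd.elg signature from the Symptoms section can be matched automatically. The following is an added example, not Check Point code: it groups `[ikev2]` lines by the first bracketed field (treated here as a process/thread tag, which is an assumption) and reports an exchange only when "found 0 interfaces", the `createNatDetectSource` failure, and the final failure status all occur together. The sample log is constructed from the lines quoted above; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the vpnd.elg format quoted under Symptoms.
# "[IP address]" is the page's own redaction placeholder. Tag 9001 is a
# constructed exchange that fails without the interface errors.
SAMPLE = """\
[ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: disregarding interface with [IP address], which is a member interface
[ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: disregarding interface with [IP address], which is a member interface
[ 8217][11 Jan 13:16:31][ikev2] ikeSimpOrder::getMyIpAddr: found 0 interfaces (order 2545, ref count 1).
[ 9001][11 Jan 13:16:31][ikev2] Exchange::setStatus: Changing status from: initial to: failure (final)..
[ 8217][11 Jan 13:16:31][ikev2] natTraversalHandler::createNatDetectSource: failed to get my interfaces ip addr.
[ 8217][11 Jan 13:16:31][ikev2] Exchange::startPrepareMessage: error encountered. has notifications to send: 0
[ 8217][11 Jan 13:16:31][ikev2] Exchange::setStatus: Changing status from: initial to: failure (final)..
"""

# [tag][timestamp][topic] message
LINE = re.compile(r"^\s*\[\s*(?P<tag>\d+)\]\[(?P<ts>[^\]]+)\]\[(?P<topic>[^\]]+)\]\s+(?P<msg>.*)$")
MEMBER = "which is a member interface"
ZERO_IF = "getMyIpAddr: found 0 interfaces"
NATD_FAIL = "createNatDetectSource: failed to get my interfaces ip addr"
FINAL_FAIL = re.compile(r"setStatus: Changing status from: \S+ to: failure \(final\)")


def find_failed_exchanges(text):
    """Return one finding per IKEv2 exchange that fails with this signature."""
    findings = []
    state = defaultdict(lambda: {"members": 0, "zero": False, "natd": False})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m["topic"] != "ikev2":
            continue
        s, msg = state[m["tag"]], m["msg"]
        if MEMBER in msg:
            s["members"] += 1      # interface skipped as a cluster member
        elif ZERO_IF in msg:
            s["zero"] = True       # no usable local address was found
        elif NATD_FAIL in msg:
            s["natd"] = True       # NAT detection source could not be built
        elif FINAL_FAIL.search(msg):
            # Report only when the failure follows both interface errors.
            if s["zero"] and s["natd"]:
                findings.append({"tag": m["tag"], "time": m["ts"],
                                 "member_interfaces_skipped": s["members"]})
            state.pop(m["tag"])    # exchange finished; reset for this tag
    return findings


if __name__ == "__main__":
    for finding in find_failed_exchanges(SAMPLE):
        print(finding)
```

A hit with a non-zero `member_interfaces_skipped` count matches the cause described above: every candidate interface was skipped as a member interface, so no local address was available for the exchange.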

