Support Center > Search Results > SecureKnowledge Details
IKEv2 negotiation fails between an Quantum Spark Appliance and an Azure / AWS peer Technical Level
Symptoms
  • The "VPN" log on the Quantum Spark Appliance shows one of these messages in the "Description" section:

    • IKE failure: Informational exchange: Sending notification to peer: Invalid IKE SPI

      Example:

    • Received CCSA request with an IKE SA that is not authenticated
      Could not allocate inbound Create Child SA exchange

Cause

Due to IKEv2 limitations, the support for Azure/AWS is limited for:

  • Certificate authentication

  • Renegotiation


Solution
No fix is required; the system is functioning as designed.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment