Corente - CSG to Paloalto 500 "VIP_INIT_DELAY timed out, reason = IPsec Phase2 Failed"

(Doc ID 2332466.1)

Last updated on JANUARY 10, 2018

Applies to:

Corente Cloud Services Exchange - Version 9.4 and later
Information in this document applies to any platform.


Setting Up VPN Using a Third-Party VPN(PaloAlto 500) device to access Compute Classic instances by using Corente Services Gateway in Oracle Cloud fails at "IKE Phase2".

-- Secure log--
xxxOPCvpn pluto[5514]: "T.xxxOPCvpn-paloalto.1048580" #71164: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
xxxOPCvpnn pluto[5514]: "T.xxxOPCvpn-paloalto.1048580 #71164: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp2048}
xxxOPCvpn pluto[5514]: "T.xxxOPCvpn-paloalto.1048580 #71165: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#71164 msgid:a24dbc43 proposal=AES(12)_256-MD5(1)_128, AES(12)_256-SHA1(2)_160, AES(12)_256-SHA2_256(5)_256, AES(12)_192-MD5(1)_128, AES(12)_192-SHA1(2)_160, AES(12)_192-SHA2_256(5)_256, AES(12)_128-MD5(1)_128, AES(12)_128-SHA1(2)_160, AES(12)_128-SHA2_256(5)_256, 3DES(3)_192-MD5(1)_12 pfsgroup=OAKLEY_GROUP_MODP2048}
xxxOPCvpn pluto[5514]: "T.xxxOPCvpn-paloalto.1048580 #71165: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal        < ---
-- Oralog--
IPsec Phase2 Failed" almcode="161" tunnel_type="None" </tunnel> </org_event>
xxxOPCvpn org: :xxxOPCvpn-paloalto( Tearing tunnels down because VIP_INIT_DELAY timed out, reason = IPsec Phase2 Failed
13:55:19.037641 IP > NONESP-encap: isakmp: phase 2/others ? oakley-quick[E] < -- no return traffic
13:55:19.039564 IP > NONESP-encap: isakmp: phase 2/others ? oakley-quick[E]
13:55:20.042747 IP > NONESP-encap: isakmp: phase 2/others ? oakley-quick[E]
13:55:24.046853 IP > NONESP-encap: isakmp: phase 2/others ? oakley-quick[E]


