[VMC on AWS] RBVPN Connectivity disruption following edge failover requiring manual re-enablement

Article ID: 323252


Products

VMware Cloud on AWS

Issue/Introduction

Following an Edge failover, a route-based VPN (RBVPN) that uses IKEv1 with a Palo Alto Networks firewall as the peer takes longer than expected to re-establish connectivity.

Cause

This is a result of the Edge device changing its IPsec SPI identifier during failover, so the peer continues to reference the SPI of the previous security association. This issue has only been identified when the peer device is a Palo Alto Networks firewall.

Resolution

Please open a Support Request with VMware to address this issue.

Workaround:

Using IKEv2 is recommended. If IKEv1 is in use and the issue is encountered, another Edge failover, or a manual reset of the connection from the VPN peer side, may restore connectivity.

Additional Information

Connectivity over RBVPN using IKEv1 will take longer to re-establish connectivity following an edge failover when the peer device is a Palo Alto firewall.
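The following is an added monitoring example, not code from the KB article or from VMware. It assumes an operator has collected a tunnel status snapshot from the Edge side and one from the peer side before and after a failover (the record format, tunnel names and SPI values below are constructed for illustration). It flags tunnels where the Edge's outbound SPI no longer matches the SPI the peer expects inbound, which is the stale-SA condition this article describes, and separately lists tunnels that match the at-risk profile (IKEv1 with a Palo Alto Networks peer) so they can be migrated to IKEv2.

```python
"""Added example (not part of the VMware KB): spot IPsec tunnels whose Edge-side
SPI changed across a failover while the peer still holds the old SPI."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelState:
    """One tunnel as seen from both sides after a status collection run.

    edge_out_spi: SPI the Edge uses for its outbound ESP SA.
    peer_in_spi:  SPI the peer reports for its inbound ESP SA.
    In a healthy tunnel these two values are identical.
    """
    name: str
    ike_version: int
    peer_vendor: str
    edge_out_spi: str
    peer_in_spi: str


def stale_spi_tunnels(snapshot: list[TunnelState]) -> list[str]:
    """Return tunnel names where the peer's inbound SPI does not match the
    Edge's current outbound SPI (peer still references a pre-failover SA)."""
    return sorted(t.name for t in snapshot if t.edge_out_spi != t.peer_in_spi)


def at_risk_tunnels(snapshot: list[TunnelState]) -> list[str]:
    """Return tunnels matching the profile described in the article:
    IKEv1 with a Palo Alto Networks peer. These are candidates for IKEv2."""
    return sorted(
        t.name for t in snapshot
        if t.ike_version == 1 and t.peer_vendor.lower() == "palo alto networks"
    )


def changed_spis(before: list[TunnelState], after: list[TunnelState]) -> list[str]:
    """Return tunnels whose Edge outbound SPI differs between two snapshots,
    i.e. the Edge renegotiated the SA (expected during a failover)."""
    prev = {t.name: t.edge_out_spi for t in before}
    return sorted(t.name for t in after if t.name in prev and prev[t.name] != t.edge_out_spi)


# Constructed sample data: two tunnels before and after an Edge failover.
# "vpn-pan-ikev1" renegotiated its SPI but the Palo Alto peer kept the old one.
BEFORE = [
    TunnelState("vpn-pan-ikev1", 1, "Palo Alto Networks", "0x1a2b3c4d", "0x1a2b3c4d"),
    TunnelState("vpn-other-ikev2", 2, "OtherVendor", "0x5e6f7a8b", "0x5e6f7a8b"),
]
AFTER = [
    TunnelState("vpn-pan-ikev1", 1, "Palo Alto Networks", "0x9c8d7e6f", "0x1a2b3c4d"),
    TunnelState("vpn-other-ikev2", 2, "OtherVendor", "0xaabbccdd", "0xaabbccdd"),
]


def report(before: list[TunnelState], after: list[TunnelState]) -> dict[str, list[str]]:
    """Summarise which tunnels renegotiated, which are stale, and which are at risk."""
    return {
        "renegotiated": changed_spis(before, after),
        "stale_peer_sa": stale_spi_tunnels(after),
        "ikev1_palo_alto": at_risk_tunnels(after),
    }


if __name__ == "__main__":
    for key, names in report(BEFORE, AFTER).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Tunnels listed under `stale_peer_sa` are the ones for which the article's workaround applies (another Edge failover or a manual reset from the peer side); tunnels under `ikev1_palo_alto` are the ones to move to IKEv2 so the condition does not recur.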