[VMC on AWS] RBVPN Connectivity disruption following edge failover requiring manual re-enablement
Article ID: 323252
Products
VMware Cloud on AWS
Issue/Introduction
Symptoms: Following an edge failover, a route-based VPN (RBVPN) that uses IKEv1 with a Palo Alto Networks firewall as the peer takes longer than expected to re-establish connectivity.
Cause
This is a result of the Edge device changing its SPI identifier during failover. The issue has only been identified when the peer device is a Palo Alto Networks firewall.
Resolution
Please open a Support Request with VMware to address this issue.
Workaround:
It is recommended to use IKEv2. If IKEv1 is in use and the issue is encountered, another Edge failover, or manually resetting the connection from the VPN peer side, may restore connectivity.
Additional Information
Impact/Risks: Connectivity over an RBVPN using IKEv1 will take longer to re-establish following an edge failover when the peer device is a Palo Alto Networks firewall.