IKEv2 with dynamic peer

IKEv2 IKE IPsec isakmp dynamic VPN


#1 Daniel Hüppe

  • Members
  • 1 posts

Posted 14 March 2018 - 05:29 AM



Is it possible to set up IKEv2 in response-only mode with a dynamic remote peer IP address?

In the "IPsec IKEv2 Tunnel" you can configure as the remote peer when you set "Initiates Tunnel" to no. But then I always get a "no proposal chosen" failure from the NG Firewall when the remote peer tries to connect.

Other vendors can manage this, and I think the problem is that the NG-Firewall cannot match the Initiator Request to any existing tunnel configuration because it does not know the peer ID at this moment. But in IKEv2 it should respond with one of the requested and supported proposals, so that the SA_AUTH is possible and the remote client can send its ID, so the NG-Firewall can match the connection to a configured tunnel configuration.

Has anyone got such a scenario working yet?


#2 Michael Zoller

  • Barracuda Team Members
  • 209 posts

Posted 14 March 2018 - 06:36 AM

Using as the Local or Remote Gateway when dynamic IP addresses are used is supported for IKEv2 Site-to-site VPN tunnels. Please open a case with our technical support to troubleshoot the issues you are having.
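
The two-step matching that the first post describes (pick a proposal in IKE_SA_INIT before the peer ID is known, then bind to a tunnel once the initiator's ID arrives in the exchange RFC 7296 calls IKE_AUTH), as an added sketch that is not code from either poster or from Barracuda. The `Tunnel` record, the `"*"` wildcard and every address, ID and suite are constructed assumptions; this does not model the NG Firewall's actual behaviour.

```python
from dataclasses import dataclass

ANY = "*"  # hypothetical wildcard: "remote address not known in advance"

# Constructed crypto suites: (encryption, PRF/integrity, DH group)
S1 = ("aes256", "sha256", "modp2048")
S2 = ("aes256gcm", "sha384", "ecp384")

@dataclass(frozen=True)
class Tunnel:              # hypothetical configuration record
    name: str
    remote_ip: str         # ANY for a dynamic peer
    remote_id: str         # expected IDi, only visible in IKE_AUTH
    proposals: tuple       # suites this tunnel accepts

# Constructed sample configuration (documentation address ranges)
TUNNELS = [
    Tunnel("hq-static", "203.0.113.9", "hq.example", (S1,)),
    Tunnel("branch-a", ANY, "branch-a.example", (S1, S2)),
    Tunnel("branch-b", ANY, "branch-b.example", (S2,)),
]

def ike_sa_init(tunnels, src_ip, offered):
    """Choose a suite using only the source IP; the peer ID is not sent yet.

    Returns (suite, candidate_tunnels) or ("NO_PROPOSAL_CHOSEN", []).
    """
    by_ip = [t for t in tunnels if t.remote_ip in (src_ip, ANY)]
    for suite in offered:  # honour the initiator's preference order
        usable = [t for t in by_ip if suite in t.proposals]
        if usable:
            return suite, usable
    return "NO_PROPOSAL_CHOSEN", []

def ike_auth(candidates, id_i):
    """Bind the SA to one tunnel once IDi arrives in the encrypted exchange."""
    for t in candidates:
        if t.remote_id == id_i:
            return t.name
    return "AUTHENTICATION_FAILED"

if __name__ == "__main__":
    suite, cands = ike_sa_init(TUNNELS, "198.51.100.7", [S2, S1])
    print(suite, [t.name for t in cands], ike_auth(cands, "branch-b.example"))
    # A responder holding only static-IP tunnels cannot place the request:
    print(ike_sa_init(TUNNELS[:1], "198.51.100.7", [S2, S1])[0])
```

In this model the same `NO_PROPOSAL_CHOSEN` result comes back both when no tunnel matches the source address and when a wildcard tunnel matches but none of the offered suites is accepted, so the error alone does not distinguish the two cases.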