Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

IKEv2 with dynamic peer

Started by Daniel Hüppe, Mar 14 2018 05:29 AM

IKEv2 IKE IPsec isakmp dynamic VPN

Please log in to reply

1 reply to this topic

#1 Daniel Hüppe

Members
1 posts

Posted 14 March 2018 - 05:29 AM

Hello,

is it possible to set up IKEv2 in response only mode with a dynamic remote peer IP address?

In the "IPsec IKEv2 Tunnel" you can configure 0.0.0.0/0 as the remote peer when you set "Initiates Tunnel" to no. But then I always get a "no proposal chosen" failure from the NG Firewall when the remote peer tries to connect.

Other vendors can manage this and I think the problem is, that the NG-Firewall can not match the Initiator Request to any existing tunnel configuration because it does not know the peer ID at this Moment. But in IKev2 it should response with one of the requested and supported proposals, so that the SA_AUTH is possible and the remote client can send its ID, so the NG-Firewall can match the connection to a configured tunnel configuration.

Has anyone got such a scenario working yet?

#2 Michael Zoller

Barracuda Team Members
208 posts

Posted 14 March 2018 - 06:36 AM

Using 0.0.0.0/0 as the Local or Remote Gateway when dynamic IP addresses are used is supported for IKEv2 Site-to-site VPN tunnels. Please open a case with our technical support to troubleshoot the issues you are having.

https://login.barrac...support/newcase

Back to Barracuda NextGen and CloudGen Firewall F-Series

Also tagged with one or more of these keywords: IKEv2, IKE, IPsec, isakmp, dynamic, VPN

Product Specific Forums → Barracuda SSL VPN → Feature Requests → Single SSL VPN login Started by Luigi Reale, 20 Nov 2019 SSL, VPN, Login, Portal	1 reply 327 views	Gavin Chappell 20 Nov 2019
Product Specific Forums → Barracuda NextGen and CloudGen Firewall F-Series → notification when a dynamic firewall rule was enabled Started by Thomas Glocker, 14 Nov 2019 firewall rule, dynamic and 2 more...	0 replies 103 views	Thomas Glocker 14 Nov 2019
Product Specific Forums → Barracuda NextGen and CloudGen Firewall F-Series → Case #03325708 : No Transport Match Found For IPSec VPN Started by Mohd Farid Masarin, 23 Aug 2019 IPSec, VPN, f180	0 replies 543 views	Mohd Farid Masarin 23 Aug 2019
Product Specific Forums → Barracuda NextGen and CloudGen Firewall F-Series → Feature Requests → VPN - detect metered connections Started by Alexander Haring, 02 Aug 2019 VPN, NAC	1 reply 294 views	Alexander Heiss 02 Aug 2019
Product Specific Forums → Barracuda NextGen and CloudGen Firewall F-Series → Barracuda VPN Mac Issues Started by Adam Schappell, 05 Jun 2019 VPN, Client	6 replies 938 views	Gavin Chappell 13 Nov 2019