"Ghost" MVPN Policies
I'm trying to recreate an IKEv2 VPN configuration which quit working on me, and in doing so, I am running into the following issue (both on the CLI and web interface):
WG(config/policy)#mvpn-ikev2 certificate default
Error: "Muvpn-ipsec 'WG IKEv2 MVPN' is already in use."
When I run diagnostics, I see two policies and one gateway:
WG#diagnose vpn '/ike/policy/list'
Policy Name               Version  Status   Peer Name  Action Name         Xchng Mode  Local-If  VIF  VIF Proto
---------------------------------------------------------------------------------------------------------------
WG IKEv2 MVPN             IKEv2    Enabled  Any        ike2_shared_action  IKEv2       anyE      -    -
WG Default IKEv2 Gateway  IKEv2    Enabled  Any        ike2_shared_action  IKEv2       anyE      -    -
IPSEC-GRP_mu              IKEv1    Enabled  Any        IPSEC-GRP_mu        Aggressive  anyE      -    -
---------------------------------------------------------------------------------------------------------------
Total Number Of IKE Policies: 3
---------------------------------------------------------------------------------------------------------------

WG#diagnose vpn '/ipsec/policy/list'
Policy Name    IKE Version  Status   Mode    Key Mode       IKE Policy Name  VPN Type
-------------------------------------------------------------------------------------
IPSEC-GRP      IKEv1        Enabled  TUNNEL  AUTOMATIC IKE  IPSEC-GRP_mu     MUVPN
WG IKEv2 MVPN  IKEv2        Enabled  TUNNEL  AUTOMATIC IKE  WG IKEv2 MVPN    MUVPN
-------------------------------------------------------------------------------------
#Policies: 2
-------------------------------------------------------------------------------------
However, I cannot see these policies anywhere via the CLI.
Any help is appreciated.
Thanks!
Comments
For the record, what firewall model and what XTM version is it running?
Also, consider using WSM Policy Manager to look at this. Often it gives a totally different view than either the Web UI or the CLI.
And, you can open a support incident to get WG help in resolving this.
Great point - my apologies for not posting this:
I'll give the WSM Policy Manager a shot, but I couldn't get the System Manager to connect, except for one time out of eight. And when I did, the Policy Manager said it was the wrong version.
What WSM version are you trying to use?
It needs to be the same or higher than your XTM version.
That actually may have likely been my problem now that I look at my recent downloads. I was using 11.12.4 - I just read that WSM must be the same or higher. Next time I get back to the building in question I'll give 12.1.3 a shot.