"Ghost" MVPN Policies

I'm trying to recreate an IKEv2 VPN configuration which quit working on me, and in doing so, I am running into the following issue (both on the CLI and web interface):

WG(config/policy)#mvpn-ikev2 certificate default
Error: "Muvpn-ipsec 'WG IKEv2 MVPN' is already in use."

When I run diagnostics, I see two policies and one gateway:

WG#diagnose vpn '/ike/policy/list'
Policy Name                      Version Status   Peer Name                        Action Name                      Xchng Mode     Local-If VIF      VIF Proto
--------------------------------------------------------------------------------------------------------------------------------------------------------------
WG IKEv2 MVPN                    IKEv2   Enabled  Any                              ike2_shared_action               IKEv2          anyE     -        -
WG Default IKEv2 Gateway         IKEv2   Enabled  Any                              ike2_shared_action               IKEv2          anyE     -        -
IPSEC-GRP_mu                     IKEv1   Enabled  Any                              IPSEC-GRP_mu                     Aggressive     anyE     -        -
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Total Number Of IKE Policies: 3
--------------------------------------------------------------------------------------------------------------------------------------------------------------
WG#diagnose vpn '/ipsec/policy/list'
Policy Name                      IKE Version      Status   Mode       Key Mode       IKE Policy Name                  VPN Type
--------------------------------------------------------------------------------------------------------------------------------
IPSEC-GRP                        IKEv1            Enabled  TUNNEL     AUTOMATIC IKE  IPSEC-GRP_mu                      MUVPN
WG IKEv2 MVPN                    IKEv2            Enabled  TUNNEL     AUTOMATIC IKE  WG IKEv2 MVPN                     MUVPN
--------------------------------------------------------------------------------------------------------------------------------
#Policies: 2
--------------------------------------------------------------------------------------------------------------------------------

However, I cannot see these policies anywhere via the CLI.

Any help is appreciated.

Thanks!

Comments

  • For the record, what firewall model and what XTM version is it running?

    Also, consider using WSM Policy Manager to look at this. Often it gives a totally different view than either the Web UI or the CLI.

    And, you can open a support incident to get WG help in resolving this.

  • @Bruce_Briggs said:
    For the record, what firewall model and what XTM version is it running?

    Also, consider using WSM Policy Manager to look at this. Often it gives a totally different view than either the Web UI or the CLI.

    And, you can open a support incident to get WG help in resolving this.

    Great point - my apologies for not posting this:

    system model        : XTM26
    version             : 12.1.3.B571132
    

    I'll give the WSM Policy Manager a shot, but I couldn't get the System Manager to connect, except for one time out of eight. And when I did, the Policy Manager said it was the wrong version.

  • What WSM version are you trying to use?
    It needs to be the same or higher than your XTM version.

  • That actually may have likely been my problem now that I look at my recent downloads. I was using 11.12.4 - I just read that WSM must be the same or higher. Next time I get back to the building in question I'll give 12.1.3 a shot. :)
