Trying to get IPSec VPN working with certificates, but I keep getting this error when trying to publish changes. The certificates are valid and I can resolve the FQDN via DNS fine. It works fine using PSK. I have tried using the FQDN in the PeerID as the error suggests, but it made no difference. The hosts are on the same subnet, so there is nothing blocking them. The remote peer is a Palo Alto firewall, if that changes anything.
Any thoughts as to why certs won't work please?
Thank you.
Hi,
I am sure you are following the steps correctly as per the article Configure the IPsec VPN Site Connections for the Edge Gateway, but would it still be possible for you to confirm that you have followed the same steps?
Thanks for your reply. My configuration is exactly like the one in the document you linked. When I use PSK it works, and very few config changes should be necessary for the cert-authenticated version to work.
Is it a self-signed cert or 3rd party? And does it have the correct DN, SAN, and authentication (server or client)?
I'm using this OpenSSL-based tool to generate certs: Link. I have used these certs for web browsing, but I suspect they may not be the right cert type that NSX requires. I need to do some more investigation...
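As an added example (not from this thread, and not NSX's or OpenSSL's own tooling) of checking the points raised in the replies above: a POSIX shell script that generates two constructed self-signed certs with openssl and then checks whether the FQDN used as the PeerID appears as a DNS SAN entry and whether the EKU carries server and client authentication. The FQDN vpn-edge.example.test is a placeholder, and the script assumes OpenSSL 1.1.1 or newer for the -addext and -ext options.

```shell
#!/bin/sh
set -e

# Constructed placeholder FQDN standing in for the PeerID from the thread.
PEER_FQDN="vpn-edge.example.test"
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample certs: one issued the way an IPsec peer cert should be
# (FQDN in the SAN, EKU for both sides of the tunnel), and one "web style"
# cert with only a CN, no SAN and no EKU, as a failing comparison.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -keyout "$WORK/good.key" -out "$WORK/good.crt" -subj "/CN=$PEER_FQDN" \
  -addext "subjectAltName=DNS:$PEER_FQDN" \
  -addext "extendedKeyUsage=serverAuth,clientAuth" >/dev/null 2>&1
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -keyout "$WORK/cnonly.key" -out "$WORK/cnonly.crt" -subj "/CN=$PEER_FQDN" \
  >/dev/null 2>&1

# cert_has_san_dns CERT FQDN: succeeds if FQDN appears as a DNS SAN entry.
cert_has_san_dns() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
    | tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -qxF "DNS:$2"
}

# cert_has_eku CERT USAGE: succeeds if the EKU extension lists USAGE
# (OpenSSL prints names such as "TLS Web Client Authentication").
cert_has_eku() {
  openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null \
    | grep -qF "$2"
}

# check_peer_cert CERT FQDN: report each check; succeed only if all pass.
check_peer_cert() {
  rc=0
  cert_has_san_dns "$1" "$2" && echo "ok   SAN has DNS:$2" \
    || { echo "FAIL SAN lacks DNS:$2"; rc=1; }
  cert_has_eku "$1" "TLS Web Server Authentication" && echo "ok   EKU serverAuth" \
    || { echo "FAIL EKU lacks serverAuth"; rc=1; }
  cert_has_eku "$1" "TLS Web Client Authentication" && echo "ok   EKU clientAuth" \
    || { echo "FAIL EKU lacks clientAuth"; rc=1; }
  return $rc
}

echo "== good.crt";   check_peer_cert "$WORK/good.crt" "$PEER_FQDN" || true
echo "== cnonly.crt"; check_peer_cert "$WORK/cnonly.crt" "$PEER_FQDN" || true
```

Run it against your own peer certificate by replacing the constructed cert path and placeholder FQDN with the file you uploaded to the Edge and the PeerID you configured.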