Archer MR200 4G Router IpSec VPN issue
Hi all,
I use an Archer MR200 for an IPsec VPN setup. The other side is a Palo Alto firewall. I successfully made an IPsec VPN with an MR400, but this MR200 one is sending the wrong IP to Palo Alto, I think. Let me share details:
Archer MR200 side;
* Operation Mode: 3G/4G Router Mode
Sim Card installed with static ip taken from ISP.
Internet works well.
* LAN Settings;
IP Address: 192.168.30.1
Subnet Mask: 255.255.255.0
DHCP: Enable
DHCP Server: Selected
IP Address Pool: 192.168.30.100 - 192.168.30.199
Address Lease Time: 1440
Default Gateway: 192.168.30.1
* IpSec VPN Setup;
Remote IPSec Gateway (URL): 213.xx.xx.xx (Remote side firewall wan ip)
Tunnel access from local IP addresses: Subnet Address
IP Address for VPN: 192.168.30.0
Subnet Mask: 255.255.255.0
Tunnel access from remote IP addresses: Subnet Address
IP Address for VPN: 20.1.0.0
Subnet Mask: 255.255.255.0
Key Exchange Method: Auto (IKE)
Authentication Method: Pre-Shared Key
Pre-Shared Key: XXXXXXXXXX
Perfect Forward Secrecy: Enable
==Phase 1==
Mode: Main
Local Identifier Type: Local WAN IP
Remote Identifier Type: Remote WAN IP
When I look at the Palo Alto logs, I see both WAN IPs start to talk, like:
IKE phase-1 negotiation is started as initiator, main mode. Initiated SA: 213.XX.XX.XX[500]-5.XX.XX.XX[500] cookie:fe2e837a0a26820b:0000000000000000.
But strange things occur after that:
IKE phase-1 negotiation is failed. Peer's ID payload 192.168.225.100 (type ipaddr) does not match a configured IKE gateway.
When I search the Internet, this 192.168.225.100 IP belongs to the MR200. But my MR200 LAN is 192.168.30.0/24, as I wrote above.
The problem is that the Archer MR200 comes with this 192.168.225.100 IP to Palo Alto for peering.
I also use an MR400 for IPsec at a different location with the same setup, and it works well.
Any help appreciated, thank you.
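
Added example, not part of the original post: a Python check that correlates the two kinds of Palo Alto log lines quoted above and compares the peer's IKE ID payload with the peer WAN address and with the 192.168.30.0/24 tunnel subnet from the post. The sample log lines are constructed (documentation addresses replace the masked WAN IPs), the function name is hypothetical, and it assumes each failure line follows the "Initiated SA" line of the same negotiation.

```python
import ipaddress
import re

# Constructed sample lines modelled on the two messages quoted in the post;
# documentation addresses stand in for the masked WAN IPs.
SAMPLE_LOG = """\
IKE phase-1 negotiation is started as initiator, main mode. Initiated SA: 203.0.113.10[500]-198.51.100.20[500] cookie:fe2e837a0a26820b:0000000000000000.
IKE phase-1 negotiation is failed. Peer's ID payload 192.168.225.100 (type ipaddr) does not match a configured IKE gateway.
IKE phase-1 negotiation is started as initiator, main mode. Initiated SA: 203.0.113.10[500]-198.51.100.30[500] cookie:aa2e837a0a26820b:0000000000000000.
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"  # IPv4 only; masked addresses will not match
SA_RE = re.compile(r"Initiated SA: " + IPV4 + r"\[\d+\]-" + IPV4 + r"\[\d+\]")
ID_RE = re.compile(r"Peer's ID payload " + IPV4 + r" \(type ipaddr\) does not match")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_id_mismatches(log_text, tunnel_lan="192.168.30.0/24"):
    """Pair each ID-payload failure with the preceding Initiated SA line."""
    lan = ipaddress.ip_network(tunnel_lan)
    findings = []
    last_peer = None
    for line in log_text.splitlines():
        sa = SA_RE.search(line)
        if sa:
            # Format is local[port]-peer[port]; the second address is the peer.
            last_peer = ipaddress.ip_address(sa.group(2))
            continue
        failed = ID_RE.search(line)
        if failed and last_peer is not None:
            ident = ipaddress.ip_address(failed.group(1))
            findings.append({
                "peer_wan": str(last_peer),
                "ike_id": str(ident),
                "id_matches_peer": ident == last_peer,
                "id_is_rfc1918": any(ident in net for net in RFC1918),
                "id_in_tunnel_lan": ident in lan,
            })
            last_peer = None  # one failure per negotiation
    return findings


if __name__ == "__main__":
    for finding in find_id_mismatches(SAMPLE_LOG):
        print(finding)
```

A finding with `id_matches_peer` false and `id_is_rfc1918` true means the peer identified itself with a private address that differs from the source address the firewall negotiated with, which is the mismatch the failure message reports.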