Issue creating IPsec tunnel with identification_type FQDN

Question

Hi Cato community,I have encountered an issue where it is not possible to create a IPSec tunnel using the following configurationsSite type: IPSecV2connectionMode: RESPONDER_ONLYidentificationType: FQDN&nbsp;Since the IPsec is responder only with FQDN identification, the updateIpsecIkeV2SiteTunnels&nbsp; mutation cannot be used to create such tunnels as it will require a public site ip, but FQDN will give local ID.When I tried to enter a dummy ip to test it out, it shows a "GraphQL error: Required"; leaving it blank will produce Required field 'primary_public_site_ip' is missing or empty.&nbsp;Are there any solutions/workarounds for this?&nbsp;Let me know if more information is required.Cheers,VincentP

michaelsaw · Answer

Hi&nbsp;VincentP,&nbsp;
Just to check, is there a Support ticket submitted to check on this issue?
Cheers

vincentp · Answer

Hi michaelsaw​&nbsp;Nope, this is for internal testing.&nbsp;&nbsp;&nbsp;

michaelsaw · Answer

Hi&nbsp;VincentP,&nbsp;
Understood.Do reach out to your Cato Representative to assist you on this.
Cheers

Forum Discussion

Issue creating IPsec tunnel with identification_type FQDN

3 Replies

Recent Discussions

Recording: API/DevOps Live - May 2026

Issue creating IPsec tunnel with identification_type FQDN

Is there a way to monitor CATO IPSec degraded status

I could use some help with a Powershell script for the events feed.

Terraform: IPsec site creation with Responder-only and destination type FQDN possible?