Site-to-Site IPSec VPN between Palo Alto Networks Firewall and Cisco Router is Unstable or Intermittent

Site-to-Site IPSec VPN between Palo Alto Networks Firewall and Cisco Router is Unstable or Intermittent

63718
Created On 09/25/18 17:52 PM - Last Modified 06/13/23 16:34 PM


Resolution


Symptoms

Site-to-Site IPSec VPN has been configured between a Palo Alto Networks firewall and a Cisco router. However, the VPN is unstable or intermittent.

Cause

The issue may be due to a Dead Peer Detection (DPD) configuration mismatch.

Resolution

Check and modify the Palo Alto Networks firewall and Cisco router to have the same DPD configuration.

On the Palo Alto Networks firewall, go to Network > Network Profiles > IKE Gateways as follows:

  1.jpg

Confirm that the same configuration is made on the Cisco router:

2.jpg

owner: jlunario
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClLVCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language