topic IPsec tunnel PA-Forcepoint Up but no traffic passing through in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/ipsec-tunnel-pa-forcepoint-up-but-no-traffic-passing-through/m-p/582132#M2920 <P>Hi ,</P> <P>&nbsp;</P> <P>I'm configuring an ipsec tunnel between PA-5410&nbsp; (route based )and Forcepoint Firewall (policy based), and showing up but when i try to ping from LAN-to-LAN i could not recieve any trafic or logs . from system log,</P> <P>&nbsp;""PSec key deleted. Deleted SA: 172........[500]-.............peer[500] SPI:0xA83E98C1/0x3D6DB38C.'""&nbsp; and ( eventid eq 'ipsec-key-delete' )</P> <P>Need to resolve this matter.</P> <P>&nbsp;</P> <P>regards</P> Fri, 29 Mar 2024 11:11:34 GMT Bouthaina 2024-03-29T11:11:34Z IPsec tunnel PA-Forcepoint Up but no traffic passing through https://live.paloaltonetworks.com/t5/next-generation-firewall/ipsec-tunnel-pa-forcepoint-up-but-no-traffic-passing-through/m-p/582132#M2920 <P>Hi ,</P> <P>&nbsp;</P> <P>I'm configuring an ipsec tunnel between PA-5410&nbsp; (route based )and Forcepoint Firewall (policy based), and showing up but when i try to ping from LAN-to-LAN i could not recieve any trafic or logs . from system log,</P> <P>&nbsp;""PSec key deleted. Deleted SA: 172........[500]-.............peer[500] SPI:0xA83E98C1/0x3D6DB38C.'""&nbsp; and ( eventid eq 'ipsec-key-delete' )</P> <P>Need to resolve this matter.</P> <P>&nbsp;</P> <P>regards</P> Fri, 29 Mar 2024 11:11:34 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/ipsec-tunnel-pa-forcepoint-up-but-no-traffic-passing-through/m-p/582132#M2920 Bouthaina 2024-03-29T11:11:34Z Re: IPsec tunnel PA-Forcepoint Up but no traffic passing through https://live.paloaltonetworks.com/t5/next-generation-firewall/ipsec-tunnel-pa-forcepoint-up-but-no-traffic-passing-through/m-p/582647#M2941 <P>Hi Bouthaina,</P> <P>&nbsp;</P> <P>So both your Phase 1 and 2 are up?</P> <P>Phase1</P> <P>show vpn ike-sa gateway</P> <P>Phase2</P> <P>show vpn ipsec-sa</P> <P>Can you find anything in our ikemgr.log?&nbsp; less mp-log ikemgr.log</P> <P>Can you post also output of show vpn flow.</P> <P>Is any of you upstream devices using NAT?&nbsp; Could be you need to enable nat-traversal .</P> <P>Are your global counters revealing anything?</P> <P>Are u using proxy-id's , you must be using them since it is policy based VPN.</P> Thu, 04 Apr 2024 13:39:51 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/ipsec-tunnel-pa-forcepoint-up-but-no-traffic-passing-through/m-p/582647#M2941 zGomez 2024-04-04T13:39:51Z