https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-tunnel-getting-disconnected/m-p/442591#M100117 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/195574">@RPrasad3</a> ,</P> <P>&nbsp;</P> <P>It could be a good idea to review and confirm if all the settings from both sides are the same (phase 1 &amp; 2 lifetime amongst other things).&nbsp; When there is a mismatch, the most common result is that the VPN stops functioning when one site's lifetime expires.</P> <P>&nbsp;</P> <P>For more verbose logging information you might want to increase logging level to 'debug' if the problem persists.</P> <P>Also check the system logs in the same time frame as they might highlight proposal, negotiation and/or other issues.</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PORsCAO" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PORsCAO</A></P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC</A></P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 21 Oct 2021 14:49:41 GMT kiwi 2021-10-21T14:49:41Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-tunnel-getting-disconnected/m-p/441912#M100047 <P><SPAN>IPSEC VPN tunnel got disconnected abruptly. We need to find out what could have caused this from the logs and adjust the VPN parameters accordingly.</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>From logs i found this.</P><P>&nbsp;</P><P>&nbsp;</P><P>ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.814 +0000 [PNTF]: { 5: }: ====&gt; PHASE-2 NEGOTIATION STARTED AS RESPONDER, (QUICK MODE) &lt;====<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />====&gt; Initiated SA: 10.67.2.4[500]-129.146.18.218[500] message id:0x7AEB6BD2 &lt;====<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.874 +0000 [PNTF]: { : 11}: ====&gt; PHASE-2 NEGOTIATION SUCCEEDED AS RESPONDER, (QUICK MODE) &lt;====<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />====&gt; Established SA: 10.67.2.4[500]-129.146.18.218[500] message id:0x7AEB6BD2, SPI:0xFF264BC0/0x2E688DE1 &lt;====<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.874 +0000 [INFO]: { 5: 11}: SADB_UPDATE proto=255 129.146.18.218[500]=&gt;10.67.2.4[500] ESP tunl spi 0xFF264BC0 auth=SHA1 enc=AES256/32 lifetime soft 3600/0 hard 3600/0<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.874 +0000 [INFO]: { 5: 11}: SADB_ADD proto=255 10.67.2.4[500]=&gt;129.146.18.218[500] ESP tunl spi 0x2E688DE1 auth=SHA1 enc=AES256/32 lifetime soft 3040/0 hard 3600/0<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.874 +0000 [INFO]: { 5: 11}: IPsec-SA established: ESP/Tunnel 129.146.18.218[500]-&gt;10.67.2.4[500] spi=4280699840(0xff264bc0)<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.874 +0000 [PNTF]: { : 11}: ====&gt; IPSEC KEY INSTALLATION SUCCEEDED &lt;====<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />====&gt; Installed SA: 10.67.2.4[500]-129.146.18.218[500] SPI:0xFF264BC0/0x2E688DE1 lifetime 3600 Sec lifesize unlimited &lt;====<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.875 +0000 [INFO]: { 5: 11}: SPI FF264BC0 inserted by IPSec responder, return 0 0.<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.876 +0000 [INFO]: { 5: 11}: SPI AD383876 removed by keymodify, return 0 0.<BR />ikemgr.log<BR />2021-10-15 03:35:11<BR />2021-10-15 03:35:11.926 +0000 [PNTF]: { 4: }: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=c7</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>and&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>2021-10-15 05:40:14.000 +0000 [PNTF]: { : 3}: ====&gt; IPSEC KEY LIFETIME EXPIRED &lt;====<BR />ikemgr.log<BR />2021-10-15 05:40:14<BR />====&gt; Expired SA: 10.67.2.4[500]-193.122.168.108[500] SPI:0x89D515AF/0x9B4C01EE &lt;====<BR />ikemgr.log<BR />2021-10-15 05:40:14<BR />2021-10-15 05:40:14.000 +0000 [PNTF]: { : 3}: ====&gt; IPSEC KEY DELETED &lt;====<BR />ikemgr.log<BR />2021-10-15 05:40:14<BR />====&gt; Deleted SA: 10.67.2.4[500]-193.122.168.108[500] SPI:0x89D515AF/0x9B4C01EE &lt;====<BR />ikemgr.log<BR />2021-10-15 05:40:14<BR />2021-10-15 05:40:14.000 +0000 [INFO]: { 2: 3}: SADB_DELETE proto=0 src=10.67.2.4[500] dst=193.122.168.108[500] ESP spi=0x89D515AF<BR />ikemgr.log<BR />2021-10-15 05:40:14<BR />2021-10-15 05:40:14.003 +0000 [INFO]: { 2: }: IKE IPSEC KEY_DELETE recvd: SPI:0x9B4C01EE.<BR />ikemgr.log<BR />2021-10-15 05:40:14<BR />2021-10-15 05:40:14.003 +0000 [PWRN]: { : 3}: phase-2 sa purge mismatch SPI:0x00000000/0x9B4C01EE.<BR />ikemgr.log<BR />2021-10-15 05:40:16<BR />2021-10-15 05:40:16.476 +0000 [PNTF]: { 5: }: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d28831c36d68199a df9f3ea275e758eb (size=16).<BR />ikemgr.log<BR />2021-10-15 05:40:17<BR />2021-10-15 05:40:17.231 +0000 [PNTF]: { 4: }: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=c7831ca6999b3f2d 61b387c15d5e8f48 (size=16).</P><P>&nbsp;</P><P>&nbsp;</P><P>Can anyone help on this.</P><P>One one side it is palo alto the other side it is oracle.</P> Tue, 19 Oct 2021 12:10:54 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-tunnel-getting-disconnected/m-p/441912#M100047 RPrasad3 2021-10-19T12:10:54Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-tunnel-getting-disconnected/m-p/442591#M100117 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/195574">@RPrasad3</a> ,</P> <P>&nbsp;</P> <P>It could be a good idea to review and confirm if all the settings from both sides are the same (phase 1 &amp; 2 lifetime amongst other things).&nbsp; When there is a mismatch, the most common result is that the VPN stops functioning when one site's lifetime expires.</P> <P>&nbsp;</P> <P>For more verbose logging information you might want to increase logging level to 'debug' if the problem persists.</P> <P>Also check the system logs in the same time frame as they might highlight proposal, negotiation and/or other issues.</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PORsCAO" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PORsCAO</A></P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC</A></P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 21 Oct 2021 14:49:41 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-tunnel-getting-disconnected/m-p/442591#M100117 kiwi 2021-10-21T14:49:41Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-tunnel-getting-disconnected/m-p/442739#M100133 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/195574">@RPrasad3</a>,</P> <P>As&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;already mentioned review your settings and ensure that both sides actually match. From your logs it appears that lifetime values don't match on both sides which would lead to this sort of problem.&nbsp;</P> Fri, 22 Oct 2021 00:41:20 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-tunnel-getting-disconnected/m-p/442739#M100133 BPry 2021-10-22T00:41:20Z