https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45927#M33753 <HTML><HEAD></HEAD><BODY><P>Is the far end of the VPN a Cisco device?</P><P></P><P>Ciscos do advertise their vendor in the IKE exchange, you can se this in the 'less mp-log ikemgr.log' output:</P><P></P><P>2014-09-04 03:16:56 [INFO]: received Vendor ID: CISCO-UNITY</P><P></P><P>I think is is due to this that ciscovpn is selected as the application within the Palo Alto firewall.</P></BODY></HTML> Fri, 05 Sep 2014 11:55:02 GMT ajbool 2014-09-05T11:55:02Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45926#M33752 <HTML><HEAD></HEAD><BODY><P>&nbsp;&nbsp; why we are getting CISCOVPN traffic flow on VPN. please suggest.</P><P></P><P><IMG alt="sa.png" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/15332_sa.png" style="height: 270px; width: 620px;" /></P></BODY></HTML> Fri, 05 Sep 2014 11:40:47 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45926#M33752 Satish 2014-09-05T11:40:47Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45927#M33753 <HTML><HEAD></HEAD><BODY><P>Is the far end of the VPN a Cisco device?</P><P></P><P>Ciscos do advertise their vendor in the IKE exchange, you can se this in the 'less mp-log ikemgr.log' output:</P><P></P><P>2014-09-04 03:16:56 [INFO]: received Vendor ID: CISCO-UNITY</P><P></P><P>I think is is due to this that ciscovpn is selected as the application within the Palo Alto firewall.</P></BODY></HTML> Fri, 05 Sep 2014 11:55:02 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45927#M33753 ajbool 2014-09-05T11:55:02Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45928#M33754 <HTML><HEAD></HEAD><BODY><P>Hi Ajbool, Yes, End side is the cisco device and i have more then 100 tunnels but most of cisco but i am facing this issue is only 3-4 tunnel.i have all ready create a application overwrite policy but till, i am facing this issue. Thanks Regards Satish</P></BODY></HTML> Fri, 05 Sep 2014 12:14:53 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45928#M33754 Satish 2014-09-05T12:14:53Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45929#M33755 <HTML><HEAD></HEAD><BODY><P>Hi Satish,</P><P></P><P>Please find analysis of application "ciscovpn"</P><P>The Cisco VPN Client allows organizations to establish end-to-end, encrypted VPN tunnels for secure connectivity for mobile employees or teleworkers.</P><P></P><P>Based on above analysis, there is a ciscovpn client which has generated remote access VPN request. </P><P></P><P>Can you confirm the same, via tracing source and destination.</P><P></P><P>Regards,</P><P>Hardik <SPAN style="font-size: 10pt; line-height: 1.5em;">S</SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;">hah</SPAN></P></BODY></HTML> Fri, 05 Sep 2014 13:56:37 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45929#M33755 hshah 2014-09-05T13:56:37Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45930#M33756 <HTML><HEAD></HEAD><BODY><P>Hello Satish,</P><P></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">If the IKE traffic is terminated on a Cisco device, it can contain a Cisco vendor ID field.&nbsp; If <SPAN class="GINGER_SOFTWARE_mark">Cisco vendor ID field</SPAN> is seen in IKE packets by the <SPAN class="GINGER_SOFTWARE_mark">AppID</SPAN> it will be identified as '<SPAN class="GINGER_SOFTWARE_mark">ciscovpn</SPAN>' application.</SPAN></P><P></P><P>Reference DOC:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-4340">ciscovpn</A></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 05 Sep 2014 14:48:06 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45930#M33756 HULK 2014-09-05T14:48:06Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45931#M33757 <HTML><HEAD></HEAD><BODY><P>HI Hulk Dud., You are right but question is that there are also other Cisco Tunnel but application identify as IPsec but few tunnel is identify as a CiscoVPN why??? Regards Satish</P></BODY></HTML> Fri, 05 Sep 2014 15:50:40 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45931#M33757 Satish 2014-09-05T15:50:40Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45932#M33758 <HTML><HEAD></HEAD><BODY><P>Hello Satish,</P><P></P><P>In both cases, could you please apply &gt;show session id xxxx and share the output.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 05 Sep 2014 16:10:38 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-traffic-issue/m-p/45932#M33758 HULK 2014-09-05T16:10:38Z