topic Adding a Proxy ID member to IPSec Tunnel in General Topics

Adding a Proxy ID member to IPSec Tunnel

palomed — Fri, 02 Jun 2017 15:49:37 GMT

I added a single host to an existing tunnel. Does the phase 1 portion of the tunnel need to be restarted to take effect? After I added the new proxy-id 39 - if I run show vpn flow - I see that portion of the tunnel is in "init" phase while all others are active.

I tried tunning "test vpn ipsec-sa .." for that specific phase 2 instance but it's still just in init. Thanks.

277 IPSEC-YoyoPhx-Yaba-TUNNEL:YoYab-39init off 13.17.36.54 7.13.102.52 tunnel.22

Re: Adding a Proxy ID member to IPSec Tunnel

Raido_Rattameister — Fri, 02 Jun 2017 15:54:17 GMT

Did you add new ProxyID to both sides of the tunnel?

Re: Adding a Proxy ID member to IPSec Tunnel

palomed — Fri, 02 Jun 2017 19:48:25 GMT

I'm dealing with outside vendors for these tunnels. They said they added to their side of the tunnel but I can't actually see. Is there any way on the PAN to see if a pair of phase 2 addresses is trying to negotiate? e.g. say on the PAN side Proxy-ID-10 is Local 10.10.5.5/32 and Remote 192.168.5.5. Proxy-IDs 1 through 9 are fine and state active but 10 is init. Is there any way to see the of 192.168.5.5/10.10.5.5 are trying to become part of the phase 2?