https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9260#M6778 <HTML><HEAD></HEAD><BODY><P>It is possible that the traffic for the ipsec-udp is minimal and the criteria you have set it does not show in that.</P><P>Also keep in mind the data is logged at the session end. </P><P>Verify that the setting are expanded as per need for Time, sort by and top</P><P><IMG alt="Capture.JPG.jpg" class="jive-image" height="230" src="https://live.paloaltonetworks.com/legacyfs/online/7996_Capture.JPG.jpg" style="height: 231px; width: 1068.8059701492537px;" width="1067" /></P><P>Also anther thing you can do is check in the traffic logs to verify if you have logs for it by using the filter.</P><P>You can use following filter ( app eq ipsec-esp-udp ) and ( app eq ipsec-esp )</P><P>If nothing shows up here then do it based on the traffic rule e.g ( rule eq rule_name )</P><P>If the traffic shows up now. Then verify what is the application it is showing. If it is showing up undecided or the actual applicaiton name.</P><P>If it is showing up as actual application name then as mentioned above it is just possible that you have minimal traffic for it and it is just now showing up in ACC tab.</P><P></P><P>Hope this helps.<BR />Thanks</P><P>Numan</P></BODY></HTML> Thu, 29 Aug 2013 18:31:05 GMT mbutt 2013-08-29T18:31:05Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9256#M6774 <HTML><HEAD></HEAD><BODY><P>We have a Vwire configuration with a paloalto (5.0.6) between a third-party router and the wan port.</P><P></P><P>Security policy is allow any - any for both directions/security zones, log at session start an end.</P><P></P><P>Everything works (as expected), all VPN Tunnels on the third party device are up and running, b<SPAN style="font-size: 10pt; line-height: 1.5em;">ut we dont see any ipsec-esp traffic in the traffic monitor, or ACC stats.</SPAN></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">If we make a packet capture on the paloalto we do see that the ipsec-esp packets are passing through the vwire.</SPAN></P><P></P><P>We already tried du define two additional rules with ipsec as application - but that does not change anything.</P><P></P><P>Any hints ?</P></BODY></HTML> Tue, 27 Aug 2013 15:01:10 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9256#M6774 register 2013-08-27T15:01:10Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9257#M6775 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Are we able to see live sessions on the the paloalto for protocol 50?</P><P></P><P>The command to check that would be:</P><P>&gt; show session all filter protocol 50</P><P></P><P></P><P></P><P>Regards,</P><P>Kunal Adak</P></BODY></HTML> Tue, 27 Aug 2013 18:29:20 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9257#M6775 kadak 2013-08-27T18:29:20Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9258#M6776 <HTML><HEAD></HEAD><BODY><P>yes, we do see them.</P></BODY></HTML> Wed, 28 Aug 2013 06:51:46 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9258#M6776 register 2013-08-28T06:51:46Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9259#M6777 <HTML><HEAD></HEAD><BODY><P>Can you paste the o/p of the following commands:-</P><P>debug log-receiver statistics</P><P> show system logdb-quota</P><P> show system disk-space</P></BODY></HTML> Thu, 29 Aug 2013 18:22:01 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9259#M6777 sraghunandan 2013-08-29T18:22:01Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9260#M6778 <HTML><HEAD></HEAD><BODY><P>It is possible that the traffic for the ipsec-udp is minimal and the criteria you have set it does not show in that.</P><P>Also keep in mind the data is logged at the session end. </P><P>Verify that the setting are expanded as per need for Time, sort by and top</P><P><IMG alt="Capture.JPG.jpg" class="jive-image" height="230" src="https://live.paloaltonetworks.com/legacyfs/online/7996_Capture.JPG.jpg" style="height: 231px; width: 1068.8059701492537px;" width="1067" /></P><P>Also anther thing you can do is check in the traffic logs to verify if you have logs for it by using the filter.</P><P>You can use following filter ( app eq ipsec-esp-udp ) and ( app eq ipsec-esp )</P><P>If nothing shows up here then do it based on the traffic rule e.g ( rule eq rule_name )</P><P>If the traffic shows up now. Then verify what is the application it is showing. If it is showing up undecided or the actual applicaiton name.</P><P>If it is showing up as actual application name then as mentioned above it is just possible that you have minimal traffic for it and it is just now showing up in ACC tab.</P><P></P><P>Hope this helps.<BR />Thanks</P><P>Numan</P></BODY></HTML> Thu, 29 Aug 2013 18:31:05 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9260#M6778 mbutt 2013-08-29T18:31:05Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9261#M6779 <HTML><HEAD></HEAD><BODY><P>Perhaps enable logging on session start to check if you see the logs then? When logging on session end, you will only see the log when the session end, so if there are keep alive packets send through the tunnel, you won't see a log.</P></BODY></HTML> Fri, 30 Aug 2013 06:13:38 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-esp-protocol-50-invisible-in-vwire-mode/m-p/9261#M6779 ${userLoginName} 2013-08-30T06:13:38Z