https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9505#M6981 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>thanks for both answers.</P><P>After reading the guide und checking the logs the vpn tunnel is up and running now.</P><P>The asa admin disabled the isakmp keepalive settings at his box and i configured a proxy id in the ipsec tunnel cause the asa uses policy-based vpns instead of rotue based vpn's.</P><P></P><P>Many thanks for your helps.</P><P></P><P>Best regards,</P><P>Christian </P></BODY></HTML> Thu, 24 May 2012 14:11:48 GMT cfpa 2012-05-24T14:11:48Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9502#M6978 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P></P><P>right now we are trying to setuop a ipsec vpn between out palo alto 4.0.7 box and a cisco asa 8.2 box ..</P><P></P><P>Cause we are running into troubles whithin the ike setup, i would like to know the following:</P><P></P><P>1. How can i debug the vpn setup in the pa ? I'm used to ASA's but this is my first vpn setup on a PA. I want to check why the tunnel does not come up (i did the setup regarding to the documentation)</P><P>2. I found the follwing as fixed in the release note of 4.1.6:</P><P></P><P><SPAN style="font-size: 12pt;"></SPAN></P><P><SPAN style="font-size: 10pt;"><STRONG>39844 – IPSec VPN tunnel not coming up when Palo Alto Networks firewall initiates a connection to a Cisco ASA device.</STRONG></SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Is it possible that im hitting that bug ? In which software version was this bug introduced ?</SPAN></P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt;"> </SPAN></P><P><SPAN style="font-size: 10pt;">Many thanks,<BR />Christian</SPAN></P><P></P></BODY></HTML> Wed, 23 May 2012 14:47:20 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9502#M6978 cfpa 2012-05-23T14:47:20Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9503#M6979 <HTML><HEAD></HEAD><BODY><P>You should see log entries including attempts to make connections in Monitor--&gt;Logs--&gt;System</P><P></P><P>To test a IPSec tunnel, from the command line on the PA,</P><P>clear vpn ike-sa gateway &lt;name of IKE Gateway in Network--&gt;Network Profiles--&gt;IKE Gateways&gt;</P><P>clear vpn ipsec-sa tunnel &lt;name of IPSec tunnel in Network--&gt;IPSec Tunnels&gt;</P><P>test vpn ipsec-sa tunnel &lt;name of IPSec tunnel in Network--&gt;IPSec Tunnels&gt;</P><P></P><P></P><P>We've only encountered bug #39844 in PAN-OS version 4.1.5.</P></BODY></HTML> Wed, 23 May 2012 16:09:22 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9503#M6979 bstapleton 2012-05-23T16:09:22Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9504#M6980 <HTML><HEAD></HEAD><BODY><P>This document&nbsp; <A href="https://live.paloaltonetworks.com/docs/DOC-1328">https://live.paloaltonetworks.com/docs/DOC-1328</A> gives a sample configuration between PAN and Cisco ASA. </P><P></P><P>You can also look at the ike manager logs to get more info:</P><P></P><P>less mp-log ikemgr.log</P></BODY></HTML> Wed, 23 May 2012 16:25:55 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9504#M6980 zarina 2012-05-23T16:25:55Z https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9505#M6981 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>thanks for both answers.</P><P>After reading the guide und checking the logs the vpn tunnel is up and running now.</P><P>The asa admin disabled the isakmp keepalive settings at his box and i configured a proxy id in the ipsec tunnel cause the asa uses policy-based vpns instead of rotue based vpn's.</P><P></P><P>Many thanks for your helps.</P><P></P><P>Best regards,</P><P>Christian </P></BODY></HTML> Thu, 24 May 2012 14:11:48 GMT https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-to-cisco-asa/m-p/9505#M6981 cfpa 2012-05-24T14:11:48Z