I have PANOS 4.1.2 and this is not the same problem. I configured Gateway with IPSec and X_Auth support. As client I use CISCO VPN client 5 which support only IPSec VPN connections. When I open "More Users Info" window to see active connection a have a LIfetime of connection set to 3660 sec. When I configured gateway I set login lifetime parameter to 24 hours. I also get an System log message that IPSec key has expired. I just do not know where I can change this parameter.
I still have an open case on this matter. We find out that it is the same problem with iPad nativ client which is supported by Palo Alto.
So i'm waiting for a response from support team.
Bump. Same problem here, PA-2050, version 4.1.9. I have tried all the suggestions in the forum, but connections from Android and Linux devices timeout after about an hour.
In the logs, I see this:
IPSec key installed. Installed SA: 188.8.131.52-184.108.40.206 SPI:0x8CB61A86/0x73498191 lifetime 3300 Sec lifesize unlimited
followed by (surprise, surprise!) about 3300 seconds later. ;-)
|IKE phase-1 SA is expired SA: 220.127.116.11-18.104.22.168 cookie:ffe6e33d5c27a2f5:6253cd787672d842.|
This is really a shame, because the connection works flawlessly, but in our environment timing out and having to manually reconnect isn't going to fly.
I tried everything you mentioned and I can connect using iOS with no problem. For the life of me, I can't get the Cisco VPN client to even connect, no response from peer. The one confusing me is the security policy rule you mentioned. Would it be from untrust to untrust as far as the zones since the interface IP is in the untrust zone?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!