IPSEC VPN IKE Phase 1 Goes down after couple of hours


L1 Bithead

Hi Guys,

 

Got a quick query. We have implemented a new PA 3050 firewall in our perimeter. Two IPSEC VPNs are configured and working fine. We notice that, after a couple of hours, the status of the first LED goes red, but the second status LED stays green. During this time the remote end complained that they cannot transfer files. Once we issue the following commands on the firewall, the VPN comes up and the issue gets resolved.

clear vpn ike-sa gateway 

clear vpn ipsec-sa tunnel  

test vpn ike-sa gateway 

test vpn ipsec-sa tunnel   

Every day we are facing this issue.

 

Is there any way we can keep the tunnel up always?


L6 Presenter

Hi,

 

This is what I get from time to time in the IPSec Tunnel status tab, but my tunnel traffic flow is still OK as my Phase 2 (actual IPSec tunnel) is still up.

 

IKE1.PNG

 

If your IPSec tunnel is not renegotiating automatically, best start with ikemgr.logs:

 

> tail lines 50 mp-log ikemgr.log

 

 

L4 Transporter

Is there any way we can keep the tunnel up always?

 

This is done through tunnel monitoring.

 

https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/vpns/set-up-tunnel-monitoring

--
CCNA Security, PCNSE7

What about if I'm seeing this with both LEDs red? IPSEC and IKE down..

Yet to see ikemgr.logs..
