Hi, we have configured a VPN site-to-site between Juniper SSG and PA3020. The tunnel is flapping up/down. The VPN is well-configured and we have configured VPN monitor with Rekey option in the SSG. How could we know why the tunnel is flapping all the time??? i attached the PA logs
2015-07-30 16:52:11 [PROTO_NOTIFY]: ====> PHASE-2 NEGOTIATION SUCCEEDED AS RESPONDER, (QUICK MODE) <====
====> Established SA: 116.x.x.x-121.x.x.x message id:0xF6C5386E, SPI:0xB9D02A28/0x598B9BDB <====
2015-07-30 16:52:11 [INFO]: SADB_UPDATE ul_proto=255 src=121.x.x.x dst=116.x.x.x satype=ESP samode=tunl spi=0xB9D02A28 authtype=SHA1 enctype=3DES lifetime soft time=3600 bytes=0 hard time=3600 bytes=0
2015-07-30 16:52:11 [INFO]: SADB_ADD ul_proto=255 src=116.x.x.x dst=121.x.x.x satype=ESP samode=tunl spi=0x598B9BDB authtype=SHA1 enctype=3DES lifetime soft time=3600 bytes=0 hard time=3600 bytes=0
2015-07-30 16:52:11 [INFO]: IPsec-SA established: ESP/Tunnel 121.x.x.x->116.x.x.x spi=3117427240(0xb9d02a28)
2015-07-30 16:52:11 [PROTO_NOTIFY]: ====> IPSEC KEY INSTALLATION SUCCEEDED <====
====> Installed SA: 116.x.x.x-121.x.x.x SPI:0xB9D02A28/0x598B9BDB lifetime 3600 Sec lifesize unlimited <====
2015-07-30 16:52:11 [INFO]: keymirror add start ++++++++++++++++
2015-07-30 16:52:11 [INFO]: keymirror add for gw e, tn 20, selfSPI B9D02A28, retcode 0.
[PROTO_NOTIFY]: ====> IPSEC KEY DELETED <====
Could you please provide a output of the command
tail lines 300 mp-log ikemgr.log
Run the above command when rekey is happening. Also make sure that lifetime is matching on both side for both phases.
Phase 2 lifetime should be less than phase 1 lifetime.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!