packet drops on traffic going through IPsec tunnel.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

packet drops on traffic going through IPsec tunnel.

L1 Bithead

Hi,

We are getting packet drops on traffic going through IPsec tunnel.We have checked ISP link but there is no drops on ISP link even no load on it. Tunnel is aslo up but getting intermittent drops on traffic goint on IPsec tunnel.
We have checked both end firewall but no sucesses.

Kindly help.ule


Thnaks & Regard
Pradeep Chaugule

1 accepted solution

Accepted Solutions

Hi,

 

We have checking connectivity by pinging  remote server IP which is located in UK southampton (Head Office), which is connected through tunnl. However we have rectify the problem , the problem is in remote firewall,  its not stable,  having a performance issue. Remote engineer will trying to resolve issue by shifting tunnle to another firewall.

 

Thanks for your support.

 

Regards,

Pradeep 

 

 

 

 

 

 

 

 

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

@pradip1069

Run the command 'show vpn flow name <value>' and post the output. 

May also want to verify global counters with the porper filters on both ends to see if there are any errors or discards. 'show counter global filter severity drop aspect tunnel category flow' 

L1 Bithead

Have you tried to perfom a connectivity test from public to public IP (no encrytion)? Is it running fine?

Palo Alto has automatic MTU adjustment, what about your rmeote VPN device?

 

Can you run show global counters for erros and drops? That will give you evidence about the type of drops in the firewall and possible cause.

 

 

Hi,

 

Thanks for reply , Please find the below "show vpn flow name <value>" and  'show counter global filter severity drop aspect tunnel category flow'  command output.

 

SHOw VPN Flow name.jpgGobal Counter Log.jpg

@pradip1069,

The only thing that really sticks out on any of that too my eyes is that fact that you have 9 replay packets. How exactly have you identified that you are dropping the packets on the tunnel? Have you taken a PCAP on both ends to verify that the end device in question isn't dropping the traffic? 

I agree.

 

Could you please ellaborate more about how did you identify the packet loss?

 

Hi,

 

We have checking connectivity by pinging  remote server IP which is located in UK southampton (Head Office), which is connected through tunnl. However we have rectify the problem , the problem is in remote firewall,  its not stable,  having a performance issue. Remote engineer will trying to resolve issue by shifting tunnle to another firewall.

 

Thanks for your support.

 

Regards,

Pradeep 

 

 

 

 

 

 

 

 

  • 1 accepted solution
  • 11701 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!