Active tunnel
cancel
Showing results for 
Search instead for 
Did you mean: 

Active tunnel

L4 Transporter

I have created site to site vpn tunnels from a palo alto 3020 to ASA 5505 firewalls. The show green and active through the CLI and the web console. But when I try to ping a server on the other side of the tunnel I get no reply, is the tunnel up? Is it really passing traffic?

28 REPLIES 28

Its not that the tunnel won't come up but it goes down every day at the same time and then is back up and working in the morning no matter what the prosy id's are set.

It means re-key negotiation is not working fine. Tunnel is between different vendors, so sometimes re-key could be the issue.

Check the PFS settings, or make sure key negotiation time is exactly same on both the firewalls.

Where are the PFS settings?

In Phase-II if you select group2 or any group, that is considered as a PFS.

Make sure its disabled or enabled on both the devices.

Example from GUI:

PFS.PNG

Thanks

Okay why would I want to disable that?

Hello Infotech,

We said It should be Either Enabled or Disabled on both the end.

Lets say if you want to keep it Enable on PAN then make sure its enabled on peer as well.

Regards,

hardik Shah

I checked and they are set the same

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!