01-28-2016 05:33 AM
If a vpn tunnel has been successfully established from a cisco device and passing through the PA firewall, is it possible for the PA to still drop the traffic destined for the established tunnel?
01-28-2016 11:13 AM
It appears that there was a open session that never ended. I went into session browser, manually ended the session, a new session started and it began to pass traffic
01-28-2016 06:20 AM
I think the answer there is 'it depends'.
I'm my scenario, I have a different zone for the other side of the VPN tunnel so if there is no security policy, then yes it will get dropped.
01-28-2016 06:22 AM
@jdprovine The traffic on PA would be seen as either ESP or ESP-UDP, can you check in the traffic logs on the PA if this traffic is seen ? To ensure you have PA as passthrough allow application "IPSEC" as suggested in below DOC :
01-28-2016 06:23 AM
Thanks I will check it out
01-28-2016 11:13 AM
It appears that there was a open session that never ended. I went into session browser, manually ended the session, a new session started and it began to pass traffic
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
