I added a second ISP to the firewall and created ECMP for dual ISP, following these guides:
When I try to configure tunnel monitoring on the IPSEC tunnels (after I configure the tunnel interface IPv4 from the local network subnet), the connection drops and can't connect again.
Only after I disable the tunnel monitoring settings does the VPN connection come up again.
Does anyone have suggestions on what to do or what to check for it?
Thank you all.
- You shouldn't be using 8.0.0 anymore by far; update PAN-OS to something like 8.0.10 so you get the security fixes and all of the associated fixes. Base images are not production ready.
- Depending on what you have specified in the tunnel monitoring profile, this would be an expected action. When used in conjunction with DPD, the monitoring profile only has two options: wait recover or fail over. In either case the firewall will attempt to recover by negotiating new IPSec keys. When certain peer devices see this action, they will sometimes close the connection on their end, depending on the configuration.
I would start by simply upgrading the PAN-OS version, because you shouldn't be running 8.0.0 anymore. That likely won't fix it, but it's better for your device as a whole. Since you are only running into an issue with the tunnel monitoring profile active, verify what the monitoring profile actually has set for the action. It could easily be that the peer device simply is dropping the connection when the PA attempts to re-key.