Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

How long does PA stays as Responder in IPSEC connection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How long does PA stays as Responder in IPSEC connection

Cyber Elite
Cyber Elite

 

We have IPSEC from PA to vendor.

 

On GUI I see PA is responder

 

 

Does this mean that PA will remain as Responder until tunnel goes down   ?

 

If rekey happens for phase 1 and 2 will still PA remain as Responder?

 

 

MP

Help the community: Like helpful comments and mark solutions.
1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

it's the same principle as a TCP session

 

one site initiates the connection and the other end is the responder

once the tunnel is broken down, the system that initiates the new connection is the initiator

as long as the tunnel stays up and simply rekeys, the initiator remains the initiator

 

 

depending on your configuration one side could always be the initiator (one side is passive, all the connections come from one site, one site is dynamic and the other static...) or both could simply switch roles every so often

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

it's the same principle as a TCP session

 

one site initiates the connection and the other end is the responder

once the tunnel is broken down, the system that initiates the new connection is the initiator

as long as the tunnel stays up and simply rekeys, the initiator remains the initiator

 

 

depending on your configuration one side could always be the initiator (one side is passive, all the connections come from one site, one site is dynamic and the other static...) or both could simply switch roles every so often

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

MAny thanks Reaper.

 

Wanna meet you at IGnite will you be there?

MP

Help the community: Like helpful comments and mark solutions.

Unfortunately I will not be attending this edition, maybe next year 😉
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

sorry to hear that

too bad

Anyone from this forum will be there?

MP

Help the community: Like helpful comments and mark solutions.
  • 1 accepted solution
  • 3862 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!