IPSec IKEv2 multiple events per second

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IPSec IKEv2 multiple events per second

L1 Bithead

Hello everyone,

 

I see many events per second for a site-to-site IPSec tunnel and am unsure if it's normal. The below events have a severity level of informational but go over and over in a second.

My question is, is it normal? if not, where should I look to fix it? What can be wrong?

 

ikev2-nego-child-start
ikev2-nego-ike-start
ipsec-key-delete
ikev2-recv-p2-delete
ipsec-key-delete
ikev2-send-p2-delete
ikev2-nego-ike-succ
ikev2-nego-child-succ
ipsec-key-install
ikev2-nego-child-start
ikev2-nego-ike-start
ikev2-recv-p2-delete
ipsec-key-delete
ikev2-send-p2-delete
ikev2-recv-p1-delete
ikev2-nego-child-succ
ipsec-key-install
ikev2-nego-child-start

3 REPLIES 3

Cyber Elite
Cyber Elite

It is not normal.

It usually happens if proxy-id's don't match with peer side

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

We didn't set up proxy IDs but I will add and check.

Thank you

Cyber Elite
Cyber Elite

If you did not set up proxy id's then Palo sends 0.0.0.0/0 to other side.

 

You can dig deeper by following KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcKCAS

Instead of less command at the end you can run "tail follow yes mp-log ikemgr.log" to get updates in real time.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 1172 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!