05-07-2024 06:46 AM
Hello everyone,
I see many events per second for a site-to-site IPSec tunnel and am unsure if it's normal. The events below have a severity level of informational but occur over and over within a second.
My question is: is it normal? If not, where should I look to fix it? What can be wrong?
ikev2-nego-child-start
ikev2-nego-ike-start
ipsec-key-delete
ikev2-recv-p2-delete
ipsec-key-delete
ikev2-send-p2-delete
ikev2-nego-ike-succ
ikev2-nego-child-succ
ipsec-key-install
ikev2-nego-child-start
ikev2-nego-ike-start
ikev2-recv-p2-delete
ipsec-key-delete
ikev2-send-p2-delete
ikev2-recv-p1-delete
ikev2-nego-child-succ
ipsec-key-install
ikev2-nego-child-start
05-07-2024 07:44 AM
It is not normal.
It usually happens if proxy IDs don't match with the peer side.
05-07-2024 07:50 AM
We didn't set up proxy IDs but I will add and check.
Thank you
05-07-2024 07:56 AM
If you did not set up proxy IDs, then Palo sends 0.0.0.0/0 to the other side.
You can dig deeper by following KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcKCAS
Instead of the less command at the end, you can run "tail follow yes mp-log ikemgr.log" to get updates in real time.
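
An added example, not part of the original thread: a small Python check that measures how often `ipsec-key-install` recurs in the event sequence from the question, which is what separates a renegotiation loop from ordinary rekeying. The `<seconds> <event>` input format, the timestamps and the 60-second threshold are assumptions made for the example; only the event names come from the thread.

```python
from collections import Counter
from statistics import median

# Constructed sample: "<seconds> <event>" per line. This is a simplified
# format for the example, not the firewall's own log export layout.
SAMPLE = """\
0.00 ikev2-nego-child-start
0.05 ikev2-nego-ike-start
0.10 ipsec-key-delete
0.12 ikev2-recv-p2-delete
0.15 ipsec-key-delete
0.18 ikev2-send-p2-delete
0.30 ikev2-nego-ike-succ
0.35 ikev2-nego-child-succ
0.40 ipsec-key-install
0.55 ikev2-nego-child-start
0.60 ikev2-nego-ike-start
0.70 ikev2-recv-p2-delete
0.72 ipsec-key-delete
0.75 ikev2-send-p2-delete
0.80 ikev2-recv-p1-delete
0.90 ikev2-nego-child-succ
0.95 ipsec-key-install
1.10 ikev2-nego-child-start
"""

def parse(text):
    """Yield (timestamp, event) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].replace(".", "", 1).isdigit():
            yield float(parts[0]), parts[1]

def churn_report(text, min_rekey_s=60.0):
    """Summarise SA churn: installs, deletes, and the gap between installs."""
    events = list(parse(text))
    counts = Counter(name for _, name in events)
    installs = [t for t, name in events if name == "ipsec-key-install"]
    gaps = [b - a for a, b in zip(installs, installs[1:])]
    med = median(gaps) if gaps else None
    return {
        "installs": counts["ipsec-key-install"],
        "deletes": counts["ipsec-key-delete"],
        "peer_p2_deletes": counts["ikev2-recv-p2-delete"],
        "median_install_gap_s": med,
        # Assumed threshold: key installs far more often than once per rekey interval.
        "flapping": med is not None and med < min_rekey_s,
    }
```

Calling `churn_report(SAMPLE)` flags the constructed sequence as flapping because the two key installs are well under a second apart.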