IPSec intermittent disconnection issue



L1 Bithead

Hi,

 

Is there a command to check if a tunnel went down at a specific time and why it happened?

I have a tunnel set up to a 3rd party where they keep monitoring some of their servers. They inform me that they receive alarms every hour that the endpoint is down and it's not coming back up for about 15 min.

I can't see anything obvious. I have done show vpn flow name ... but I can't see any error there. Are there any other logs that I could check to see those disconnections that the 3rd party is mentioning, and can I get any clue from the output why the tunnel's going down?

 

4 REPLIES

L6 Presenter

@AY_FASAR wrote:

Hi,

 

Is there a command to check if a tunnel went down at a specific time and why it happened?

I have a tunnel set up to a 3rd party where they keep monitoring some of their servers. They inform me that they receive alarms every hour that the endpoint is down and it's not coming back up for about 15 min.

I can't see anything obvious. I have done show vpn flow name ... but I can't see any error there. Are there any other logs that I could check to see those disconnections that the 3rd party is mentioning, and can I get any clue from the output why the tunnel's going down?

 


If you look in the GUI logs (system) and filter on type of "VPN" (I think), that should give you the logs you're looking for. I would also add time stamp filters with a "geq" (after - greater than or equal to) & "leq" (before - less than or equal to) for the time period you had VPN issues. You can look through the logs and find errors much easier that way.

All I can see is just the key negotiation, nothing else to suggest there is an issue. The 3rd party insists that they sent traffic down the tunnel to us and that it gets dropped at our end. If they keep sending traffic, it means the tunnel stays up all the time but there is some other issue.

 

 

Could the traffic be getting dropped somehow during the rekey phase? If there is a possibility, is there a debug or packet capture to prove this? With packet capture it might be a bit tricky as the issue is intermittent.

L2 Linker

@AY_FASAR to clarify your issue - the tunnel states it is up on both ends, but there is no traffic flowing through it? Working through something similar to this myself. 

 

A few thoughts: 

  • Could a Zone Protection Profile be blocking traffic? 
  • I believe a packet capture may be best, especially with logging packet-diag features enabled. 
  • An easy win - make sure NTP settings are valid on both ends of the tunnel. 
  • It could be worthwhile to follow up with the ISP. 
  • Is the far end device also a Palo Alto Networks NGFW? 
  • Wildcard thought - MTU size? 
  • What version of PAN-OS are you running? 

Will keep you updated if I find RCA in my case. 

I don't believe it's NTP or anything similar; all other tunnels are working fine. It's only this tunnel's 3rd party and the issue is intermittent.

Not sure what vendor the 3rd party's gateway is, but I can check.
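
One way to test the rekey question raised in this thread without waiting on a packet capture, shown as an added example that is not part of any post above: line up the key-negotiation times seen in the system log with the alarm times the 3rd party reports. The timestamps are constructed sample data, and the function names and the 120-second window are assumptions to adjust.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

FMT = "%Y/%m/%d %H:%M:%S"

# Constructed sample data, not real firewall output.
# REKEYS: key-negotiation times copied from the firewall's system log.
# ALARMS: "endpoint down" times supplied by the 3rd party's monitoring.
REKEYS = """
2024/03/01 09:00:12
2024/03/01 10:00:14
2024/03/01 11:00:11
2024/03/01 12:00:13
"""
ALARMS = """
2024/03/01 09:00:40
2024/03/01 10:00:45
2024/03/01 11:30:00
2024/03/01 12:00:39
"""

def parse(block):
    """Return the timestamps in a text block as a sorted list of datetimes."""
    return sorted(datetime.strptime(line.strip(), FMT)
                  for line in block.splitlines() if line.strip())

def correlate(rekeys, alarms, window=timedelta(seconds=120)):
    """For each alarm, find the latest rekey at or before it and flag the
    alarm if it began within `window` of that rekey."""
    results = []
    for alarm in alarms:
        idx = bisect_right(rekeys, alarm)   # rekeys[:idx] are <= alarm
        if idx == 0:
            results.append((alarm, None, False))  # no rekey seen before it
            continue
        delta = alarm - rekeys[idx - 1]
        results.append((alarm, delta, delta <= window))
    return results

def summary(results):
    """Return (alarms that follow a rekey closely, total alarms)."""
    return sum(1 for _, _, near in results if near), len(results)

if __name__ == "__main__":
    res = correlate(parse(REKEYS), parse(ALARMS))
    for alarm, delta, near in res:
        print(alarm.strftime(FMT), "after rekey by", delta, "<-- near rekey" if near else "")
    print("%d of %d alarms started within the window after a rekey" % summary(res))
```

If most alarms land just after a negotiation, the rekey is the place to capture; if they do not, the hourly pattern has another cause.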
