- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-23-2022 09:01 AM
Hi- I am trying to implement exactly this article for ipsec - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK
However the tunnel is not coming up, I am not sure if its gns issue or my configuration?
Wireshark packet drop also attached
12-23-2022 02:10 PM
Hello,
What do the system logs show for the VPN tunnel? This is where they are logged. I'm thinking either there is a configuration error or something is blocking the traffic somewhere. Check the traffic logs to see if the packets are making it and/or getting dropped/blocked by the PAN.
Regards,
12-23-2022 02:10 PM
Hello,
What do the system logs show for the VPN tunnel? This is where they are logged. I'm thinking either there is a configuration error or something is blocking the traffic somewhere. Check the traffic logs to see if the packets are making it and/or getting dropped/blocked by the PAN.
Regards,
12-27-2022 10:41 AM
I agree with @OtakarKlier. You can check the logs (system & traffic) to understand why the connection is not getting established.
The other thing which I would suggest is to take the packet capture with the IPSec traffic. If required, you can run the test commands on the CLI to initiate the connection at the same time when you are capturing packets. You can follow this article.
Another article which is helpful - How to check Status, Clear, Restore, and Monitor an IPSec VPN Tunnel
Regards,
12-27-2022 10:26 PM
Thanks for response, I have been looking at logs and connectivity, I could not find any issue,
Can you please review attached cli logs and packet captures, let me know if that helps in finding the issue?
12-28-2022 02:18 PM
Hello,
I think its in your tunnel config somewhere. Double check to make sure every setting is identical on both sides.
Regards,
12-29-2022 02:01 PM - edited 12-29-2022 09:40 PM
Thanks all, the issue is resolved -- I actually found the issue in routing on connected routers, for some reason default route was dropping traffic even though the destination was pingable.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!