12-23-2018 11:38 PM
Hello,
I made a VPN tunnel between Palo Alto and FortiGate (3 tunnels).
Every config is the same between them. 2 of them work well, but 1 tunnel has an issue.
About 3 mins before phase 2 negotiation (by lifetime or other reason), traffic can't go through the tunnel.
(I can see traffic logs that show incomplete).
After negotiation and SA install, it works normally.
What should I look at? There is no error log or failure in the ikemgr or system log.
12-24-2018 08:00 AM
Check renegotiation time. Does it match with peer site?
12-24-2018 08:02 AM
12-24-2018 08:11 AM
When traffic no longer passes from one side to the other, try to initiate traffic from the other side back to your side. Does traffic flow then?
12-24-2018 08:16 AM
12-24-2018 09:02 AM
I would check the tunnel status at the other side when it happens.
12-25-2018 11:44 PM
Thanks,
I want to check it, but I don't manage that device... So it's hard to check the other side.
12-26-2018 12:17 PM
Hi @yhlee1
I have the same issue with an old and stable IPsec tunnel between PA3020 (8.1.1) and VM200 (8.0.10).
Suddenly the tunnel is not working, even when the connection looks fine and system logs show the tunnel is up.
On the source side I see traffic go to the tunnel and age out; on the destination side the logs don't show the traffic.
When I change something in the tunnel config and revert the changes, or disable/enable the tunnel, it comes back to normal.