I made a VPN tunnel between Palo Alto and FortiGate (3 tunnels).
Every config is the same between them. 2 of them work well but 1 tunnel has an issue.
About 3 mins before phase 2 negotiation (by lifetime or other reason), traffic can't go through the tunnel.
(I can see traffic logs that are incomplete.)
After negotiation and SA install, it works normally.
What should I look at? There is no error log or failure in ikemgr or the system log.
When traffic no longer passes from one side to the other, try to initiate traffic from the other side back to your side. Does traffic flow then?
I have the same issue with an old and stable IPsec tunnel between PA3020 (8.1.1) and VM200 (8.0.10).
Suddenly the tunnel is not working even when the connection looks fine and system logs show the tunnel is up.
On the source side I see traffic go to the tunnel and aged-out; on the destination side the logs don't show the traffic.
When I change something in the tunnel config and revert the changes, or disable/enable the tunnel, it comes back to normal.