12-11-2017 08:06 PM
I configured an IPSec VPN tunnel between my 2 PA FWs. The physical interfaces are up but the tunnel is not up. I am a Cisco guy and new to the PA. I am trying to see ipvpn traffic via the Monitor, but I did not see any traffic. How do I check my IKE phase 1 and IPSec phase 2 to make sure that all the parameters and the password match on both sides? Also, how do I know which side is the initiator and which side is the receiver? Thanks
12-12-2017 02:28 AM
hi @jac101
have you checked this article: Getting Started: VPN ?
you can initiate from one peer by running
> test vpn ike-sa gateway <gateway>
> test vpn ipsec-sa tunnel <value>
the best place to start looking is in the 'system' log, the responder should have most information you need to fix configuration mismatches
12-12-2017 06:30 AM
How do I know which FW is the receiver?
12-12-2017 06:56 AM
if you execute the commands on firewall A, firewall B will be the receiver
12-12-2017 07:32 AM - edited 12-12-2017 07:33 AM
I did the commands from my main FW. So the next step is to go to the remote FW and look at the Monitor. Correct?
5220A(active)> test vpn ike-sa gateway PHASE1-gtw2
Start time: Dec.12 10:28:45
Initiate 1 IKE SA.
5220A(active)> test vpn ipsec-sa tunnel PHASE2-tunnel
Start time: Dec.12 10:29:18
Initiate 1 IPSec SA for tunnel PHASE2-tunnel.
12-13-2017 01:43 AM
correct, you should now see the negotiation taking place on the remote peer and see more info regarding what is succeeding and what is failing
you can access the system logs and filter for ( subtype eq vpn )