IPSec VPN tunnel not coming up

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IPSec VPN tunnel not coming up

L2 Linker

I configured IPSec VPN tunnel between my  2 PA FWs. The physical interfaces are up but the tunnel is not up. I am a Cisco guy and new to the PA. I am trying to see ipvpn traffic va the Monitor. But I did not see any traffic. How do I check for my ike phase 1 and ipsec phase 2 to make sure that all the parameters and the password matched on both side. Also, how do I need which side is the initiator and which side is the receiver? Thanks

5 REPLIES 5

Cyber Elite
Cyber Elite

hi @jac101

 

have you checked this article: Getting Started: VPN ?

 

you can initiate from one peer by running 

 

> test vpn ike-sa gateway <gateway>

> test vpn ipsec-sa tunnel <value>

 

the best place to start looking is in the 'system' log, the responder should have most information you need to fix configuration mismatches

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

How do I need which FW is the receiver?

if you execute the commands on firewall A, firewall B will be the receiver

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

I did the commands from my main FW. So the next step is to go to the remote FW and look at the Monitor. Correct?

 

5220A(active)> test vpn ike-sa gateway PHASE1-gtw2

Start time: Dec.12 10:28:45
Initiate 1 IKE SA.

 

5220A(active)> test vpn ipsec-sa tunnel PHASE2-tunnel

Start time: Dec.12 10:29:18
Initiate 1 IPSec SA for tunnel PHASE2-tunnel.

correct, you should now see the negotiation taking place on the remote peer and see more info regarding what is succeeding and what is failing

you can access the system logs and filter for ( subtype eq vpn )

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 10351 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!