IPSec VPN tunnel not coming up

L2 Linker

I configured an IPSec VPN tunnel between my 2 PA FWs. The physical interfaces are up but the tunnel is not up. I am a Cisco guy and new to the PA. I am trying to see ipvpn traffic via the Monitor, but I did not see any traffic. How do I check my IKE phase 1 and IPSec phase 2 to make sure that all the parameters and the password match on both sides? Also, how do I know which side is the initiator and which side is the receiver? Thanks

L7 Applicator

hi @jac101

have you checked this article: Getting Started: VPN?

you can initiate from one peer by running

> test vpn ike-sa gateway <gateway>

> test vpn ipsec-sa tunnel <value>

the best place to start looking is in the 'system' log, the responder should have most information you need to fix configuration mismatches

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
L2 Linker

How do I know which FW is the receiver?

L7 Applicator

if you execute the commands on firewall A, firewall B will be the receiver

reaper - PANgurus.com
L2 Linker

I did the commands from my main FW. So the next step is to go to the remote FW and look at the Monitor. Correct?

5220A(active)> test vpn ike-sa gateway PHASE1-gtw2

Start time: Dec.12 10:28:45
Initiate 1 IKE SA.

5220A(active)> test vpn ipsec-sa tunnel PHASE2-tunnel

Start time: Dec.12 10:29:18
Initiate 1 IPSec SA for tunnel PHASE2-tunnel.

L7 Applicator

correct, you should now see the negotiation taking place on the remote peer and see more info regarding what is succeeding and what is failing

you can access the system logs and filter for ( subtype eq vpn )

reaper - PANgurus.com