Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

IPsec Vpn tunnel was down

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

IPsec Vpn tunnel was down

L1 Bithead

PA-850- 8.0.6-h3  Customer complains IPsec  was down how can i check it on gui sytem logs or via cli.

 

Ihave checked the Moniter>system logs and  couldnt find any logs  related to "tunnel-status-down"

Thanks,

Ranji

4 REPLIES 4

Cyber Elite
Cyber Elite

In the GUI tunnel status is displayed under Network > IPSec Tunnels. 

The CLI is where I like to look at this simply because it gives you more information.

show vpn ike-sa gateway <gatway-name>

show vpn ipsec-sa tunnel <tunnel-name> 

 

When you setup an IPSec tunnel I would always recommend that you monitor the tunnel through IPs assigned to the tunnel interface or by monitoring an IP address local to the other side such as the firewall management IP itself. This will ensure that you are always alerted if the tunnel maybe doesn't actually go down, but stops properly passing traffic for whatever reason. 

Hi Bpry,

 

Appreciated  for your comments..& noted your suggestions!!

 

Actually the issue with  solarwinds reporting all the branch network devices were down at early morning around 5.25 am.

it is reported today also almost simlar time & suspect ipsec tunnel might gone down during this time. I noticed that dynamic updates scheduled to  install almost same time, but no conclusion & clues.

 

 

Regards,

R@nji

Hello,

Check the system logs around that time and filter by type VPN to see if there is a coorelation. Also check your polling interval in solarwinds. I also use it to monitor my VPN tunnels, but have it set to poll every 1 min that way I dont get alerts to minor things that were automatically corrected. Also check with the ISP to see if they have routing maintenance? I have seen weirder things in the past.

 

Regards,

Hi All

Its been escalated to support. They verified that there logs and confirmed no issues with palo alto.
Thanks
Ranji
  • 3985 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!