No IPSec-Tunnels after Upgrade from 3.1.7 to 4.01

Showing results for 
Show  only  | Search instead for 
Did you mean: 

No IPSec-Tunnels after Upgrade from 3.1.7 to 4.01

L1 Bithead


we run 8 PA-500s in 8 Branches. After upgrading them from 3.1.7 to 4.0.1 not all IPSec-Tunnels become active.

The Tunnels to the branches with the WAN-Interface connected to SDSL with PPPoE (automatic IP/Netmask/Gateway) stayed inactive, even after more than 12h.The WAN-Interface itself was online, pings to a external addresses were answered.

The IPSec-Tunnels to branches with WAN-Interfaces not connected with PPPoE were active immediately after rebooting the new software version.

Is there a known bug when upgrading IPSec-Tunnels with PPPoE-WAN-Interfaces from 3.1.7 to 4.0.1?

Thanks in advance.


L1 Bithead

Hello again,

the problem was that updating the software from 3.1.7 to 4.0.1 and the necessary reboot/autocommit produced a duplicate line 'ssl-decrypt' in the running (before and after) configuration. After loading the same configuration after the update from the saved file the error was fixed.

  • 1 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!