06-13-2018 09:03 AM
Hi,
We are getting packet drops on traffic going through IPsec tunnel.We have checked ISP link but there is no drops on ISP link even no load on it. Tunnel is aslo up but getting intermittent drops on traffic goint on IPsec tunnel.
We have checked both end firewall but no sucesses.
Kindly help.ule
Thnaks & Regard
Pradeep Chaugule
06-17-2018 11:22 PM
Hi,
We have checking connectivity by pinging remote server IP which is located in UK southampton (Head Office), which is connected through tunnl. However we have rectify the problem , the problem is in remote firewall, its not stable, having a performance issue. Remote engineer will trying to resolve issue by shifting tunnle to another firewall.
Thanks for your support.
Regards,
Pradeep
06-13-2018 11:13 AM - edited 06-13-2018 11:17 AM
Run the command 'show vpn flow name <value>' and post the output.
May also want to verify global counters with the porper filters on both ends to see if there are any errors or discards. 'show counter global filter severity drop aspect tunnel category flow'
06-13-2018 06:11 PM
Have you tried to perfom a connectivity test from public to public IP (no encrytion)? Is it running fine?
Palo Alto has automatic MTU adjustment, what about your rmeote VPN device?
Can you run show global counters for erros and drops? That will give you evidence about the type of drops in the firewall and possible cause.
06-14-2018 02:23 AM
Hi,
Thanks for reply , Please find the below "show vpn flow name <value>" and 'show counter global filter severity drop aspect tunnel category flow' command output.
06-14-2018 06:21 AM
The only thing that really sticks out on any of that too my eyes is that fact that you have 9 replay packets. How exactly have you identified that you are dropping the packets on the tunnel? Have you taken a PCAP on both ends to verify that the end device in question isn't dropping the traffic?
06-14-2018 06:30 AM
I agree.
Could you please ellaborate more about how did you identify the packet loss?
06-17-2018 11:22 PM
Hi,
We have checking connectivity by pinging remote server IP which is located in UK southampton (Head Office), which is connected through tunnl. However we have rectify the problem , the problem is in remote firewall, its not stable, having a performance issue. Remote engineer will trying to resolve issue by shifting tunnle to another firewall.
Thanks for your support.
Regards,
Pradeep
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
