Palo Alto - Barracuda IPsec VPN problems

cancel
Showing results for 
Search instead for 
Did you mean: 

Palo Alto - Barracuda IPsec VPN problems

L2 Linker

We've a IPsec-VPN IKEv2 between Palo Alto (10.0.7) and Barracuda (8.0.5-0341) with 10 IPsec tunnels, one VPN-tunnel per subnet-pair, on Palo side "proxy IDs".

At least once every day, some of these ipsec-tunnels go down and can only be forced to come up again with manual "initiate" on Barracuda.
The Palo Alto is set to passive.

Normally, every 35 - 45 minutes a new ipsec-tunnel for a subnet-pair is installed and the old one deleted (logs on both sides). But when the error occurs, the newly established ipsec-tunnel is deleted immediatly (in the same second) after is has been installed.
These logs also are seen on both ends of the tunnel, so it can not be sayed  which end causes the problem and why.
Then it is down until manual "initiate".
Any ideas?
Of course we checked timers, subnets and masks etc.
Thanks.

10 REPLIES 10

Cyber Elite
Cyber Elite

Hello,

When the tunnels go down, is there lack of traffic? Meaning some devices, not sure about Barracuda, will drop tunnels if no traffic is going across them. If you setup tunnel monitor, the PAN will send a ping periodically across the tunnel to help keep it up.

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/vpns/set-up-site-to-site-vpn/set-up-tunne...

 

Hope that helps.

L2 Linker

Thanks four reply.
But we already are pinging through some of the tunnels (5 minutes intervall) and there it also happens.
And I think the ipsec-tunnel should be coming up when traffic is going through it, even when there was some time without traffic, otherwise it is useless.

Hey 🙂

 

We have the same issue. Could you figure out what the problem was?

Unfortunately not. We moved from Barracuda (Azure cloud) to the Azure-VPN-GW

Hmm 😞 We have a F280 on Prem at our office and have the issue you have described with a palo alto on the other side. 

 

A fix would be great 🙂 Or when someone has an idea.

 

The question in my opinion is which firewall causes this. Barracuda or Palo.

Cyber Elite
Cyber Elite

Hello,

I just reread the initial issue, any reason you have 10 tunnels between the two devices? 1 is sufficient, its all encrypted.

Regards,

We have only 1 Tunnel with 8 local networks as an IKEv2 Tunnel.

 

But we have the same problem as in the beginning question.

We run a Barracuda F280. The other Side has a Palo Alto PA-5250

L1 Bithead

So no one has an idea ?

Cyber Elite
Cyber Elite

Hello,

The only other thing I could suggest is to try Ikev1.

Regards,

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!