Phase 2 tunnel is not up


L3 Networker

One of my clients configured a site-to-site tunnel from AWS to a Palo Alto device. Phase 1 is able to come up, but the second phase is not up. Is it because we didn't enter the proxy ID, or is there something else I should troubleshoot? Kindly help.

1 ACCEPTED SOLUTION

Cyber Elite

Hi @FarhanKoujalgi 

Proxy IDs on the Palo Alto side are required to be mentioned whenever the peer end is acting as a policy-based VPN, because Palo Alto always acts as a route-based VPN. Now, in order to check if the proxy ID is causing the issue, you should check the system logs by filtering VPN logs, which will give you more clarity on the issue. If the issue is with proxy IDs, you will see logs like proxy-id mismatch / negotiation failed when processing proxy ID. Proxy IDs need to be identical on both VPN peers for negotiation to be successful.

Apart from that, I would recommend that you verify the Phase 2 IPsec parameters and the routes for the traffic to be routed through the tunnel.

Hope it helps!

Mayur
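
A way to check the proxy ID point from the answer above before digging through the system logs, added here as an example (not code from the thread or from Palo Alto Networks): it compares the proxy IDs configured on the firewall with the traffic selectors on the policy-based peer and reports exact mismatches and near misses. It assumes "identical" means mirrored (the peer's local network is the firewall's remote); the `Selector` type, the function name and the sample subnets are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Selector(NamedTuple):
    local: str              # subnet behind this device
    remote: str             # subnet behind the other device
    protocol: str = "any"

def _norm(sel):
    """Canonical form, so 10.10.0.0/16 and 10.10.0.0/255.255.0.0 compare equal."""
    return (ipaddress.ip_network(sel.local, strict=False),
            ipaddress.ip_network(sel.remote, strict=False),
            sel.protocol.lower())

def compare_proxy_ids(firewall_ids, peer_selectors):
    """Return (firewall_only, peer_only, near_misses) for the two configurations."""
    fw = {_norm(s): s for s in firewall_ids}
    peer = {}
    for s in peer_selectors:
        p_local, p_remote, proto = _norm(s)
        # Mirror the peer's entry into the firewall's point of view.
        peer[(p_remote, p_local, proto)] = s
    firewall_only = [s for k, s in fw.items() if k not in peer]
    peer_only = [s for k, s in peer.items() if k not in fw]
    # Near miss: the subnets overlap (for example a /24 against a /16) but are
    # not equal, so the two sides still do not hold the same proxy ID.
    near_misses = []
    for f in firewall_only:
        f_local, f_remote, _ = _norm(f)
        for q in peer_only:
            q_local, q_remote, _ = _norm(q)
            if f_local.overlaps(q_remote) and f_remote.overlaps(q_local):
                near_misses.append((f, q))
    return firewall_only, peer_only, near_misses

# Constructed sample data: proxy IDs on the firewall and selectors on the peer.
FIREWALL_IDS = [Selector("10.10.0.0/16", "172.31.0.0/16"),
                Selector("10.20.5.0/24", "172.31.0.0/16")]
PEER_SELECTORS = [Selector("172.31.0.0/16", "10.10.0.0/255.255.0.0"),
                  Selector("172.31.0.0/16", "10.20.0.0/16")]

if __name__ == "__main__":
    fw_only, peer_only, near = compare_proxy_ids(FIREWALL_IDS, PEER_SELECTORS)
    for s in fw_only:
        print("no mirrored entry on peer for firewall proxy ID:", s)
    for s in peer_only:
        print("no mirrored proxy ID on firewall for peer selector:", s)
    for f, q in near:
        print("overlapping but not equal:", f, "<->", q)
```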


2 REPLIES 2

Hi @SutareMayur

Thank you for your solution and support. The tunnel came up after adding the proper proxy ID.
