06-26-2020 01:11 PM
Dear Team,
I have one site 2 site VPN tunnel b/w Paloalto and cisco. some time i can see the tunnel is going automatic down and after some time it will come automatically.
I have checked ikemgr and system logs but i am not able to find exact issue why its going up and down. can any one help me this below is the logs.
I was doing troubleshooting the tunnel is getting up around after 14PM 24/06/20. before, that tunnel was down.
| 6/24/2020 15:20 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD. |
| 6/24/2020 15:20 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:82f88aa410302a7e:0cd4c240164e1c7a. |
| 6/24/2020 15:15 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD. |
| 6/24/2020 15:15 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:893a8d43cd46cf82:cedaf8d37019d93e. |
| 6/24/2020 15:13 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:4115b19237fc0d3b:ac848b7bbdba80d9 lifetime 86400 Sec. |
| 6/24/2020 15:13 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001, SPI:0xBE6B1691/0x72E47F7D. |
| 6/24/2020 15:13 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xBE6B1691/0x72E47F7D lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:13 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001. |
| 6/24/2020 15:13 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.215.137[55278] SPI:4115b19237fc0d3b:ac848b7bbdba80d9. |
| 6/24/2020 15:13 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xE64F9FE7/0x3E766B40. |
| 6/24/2020 15:13 | ikev2-recv-p1-delete | HQ-plant-IKE | IKEv2 IKE SA delete message received from peer. SPI:bccbed4264d88891:8756afa854724cad. |
| 6/24/2020 15:13 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000004, SPI:0xE64F9FE7/0x3E766B40. |
| 6/24/2020 15:13 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xE64F9FE7/0x3E766B40 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:13 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000004. |
| 6/24/2020 15:13 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 15:13 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xFBE8A6C9/0x58CD17E4. |
| 6/24/2020 15:13 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 15:13 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xE1372475/0x0C97DEA4. |
| 6/24/2020 15:13 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xE1372475. |
| 6/24/2020 15:13 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:bccbed4264d88891:8756afa854724cad lifetime 86400 Sec. |
| 6/24/2020 15:13 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001, SPI:0xFBE8A6C9/0x58CD17E4. |
| 6/24/2020 15:13 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xFBE8A6C9/0x58CD17E4 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:13 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001. |
| 6/24/2020 15:13 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.215.137[55278] SPI:bccbed4264d88891:8756afa854724cad. |
| 6/24/2020 15:10 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD. |
| 6/24/2020 15:10 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:fd353250019500f5:105e4ef193bc6908. |
| 6/24/2020 15:08 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:82f88aa410302a7e:0cd4c240164e1c7a lifetime 86400 Sec. |
| 6/24/2020 15:08 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001, SPI:0xE1372475/0x0C97DEA4. |
| 6/24/2020 15:08 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xE1372475/0x0C97DEA4 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:08 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001. |
| 6/24/2020 15:08 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.209.95[36586] SPI:82f88aa410302a7e:0cd4c240164e1c7a. |
| 6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xF1819832/0x72F22F2B. |
| 6/24/2020 15:08 | ikev2-recv-p1-delete | HQ-plant-IKE | IKEv2 IKE SA delete message received from peer. SPI:6bfbe5c97d2636ba:d7da72ea46fa021b. |
| 6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0x8CBD5A29/0x3A1FDE07. |
| 6/24/2020 15:08 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x8CBD5A29. |
| 6/24/2020 15:08 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000004, SPI:0xF1819832/0x72F22F2B. |
| 6/24/2020 15:08 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xF1819832/0x72F22F2B lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:08 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000004. |
| 6/24/2020 15:08 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xB95CCBB4/0x1C0341EC. |
| 6/24/2020 15:08 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0xDE1ACEB9/0x5C110CE5. |
| 6/24/2020 15:08 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xDE1ACEB9. |
| 6/24/2020 15:08 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:6bfbe5c97d2636ba:d7da72ea46fa021b lifetime 86400 Sec. |
| 6/24/2020 15:08 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001, SPI:0xB95CCBB4/0x1C0341EC. |
| 6/24/2020 15:08 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xB95CCBB4/0x1C0341EC lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:08 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001. |
| 6/24/2020 15:08 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.209.95[36586] SPI:6bfbe5c97d2636ba:d7da72ea46fa021b. |
| 6/24/2020 15:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0x91C63031/0x471A6122. |
| 6/24/2020 15:03 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x91C63031. |
| 6/24/2020 15:03 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000002, SPI:0x8CBD5A29/0x3A1FDE07. |
| 6/24/2020 15:03 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0x8CBD5A29/0x3A1FDE07 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:03 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000002. |
| 6/24/2020 15:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xE8E16610/0x2D1D71E1. |
| 6/24/2020 15:03 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xE8E16610. |
| 6/24/2020 15:03 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:893a8d43cd46cf82:cedaf8d37019d93e lifetime 86400 Sec. |
| 6/24/2020 15:03 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000001, SPI:0xDE1ACEB9/0x5C110CE5. |
| 6/24/2020 15:03 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0xDE1ACEB9/0x5C110CE5 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 15:03 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000001. |
| 6/24/2020 15:03 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-37.211.199.212[11296] SPI:893a8d43cd46cf82:cedaf8d37019d93e. |
| 6/24/2020 14:22 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000002, SPI:0x91C63031/0x471A6122. |
| 6/24/2020 14:22 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0x91C63031/0x471A6122 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 14:22 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000002. |
| 6/24/2020 14:21 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:fd353250019500f5:105e4ef193bc6908 lifetime 86400 Sec. |
| 6/24/2020 14:21 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001, SPI:0xE8E16610/0x2D1D71E1. |
| 6/24/2020 14:21 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xE8E16610/0x2D1D71E1 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 14:21 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001. |
| 6/24/2020 14:21 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.133.128[26378] SPI:fd353250019500f5:105e4ef193bc6908. |
| 6/24/2020 14:21 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xEAC183EE/0x6CCCB216. |
| 6/24/2020 14:21 | ikev2-recv-p1-delete | HQ-plant-IKE | IKEv2 IKE SA delete message received from peer. SPI:fa700d2a94a781fc:dfe70cca0e997cd5. |
| 6/24/2020 14:21 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000004, SPI:0xEAC183EE/0x6CCCB216. |
| 6/24/2020 14:21 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xEAC183EE/0x6CCCB216 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 14:21 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000004. |
| 6/24/2020 14:21 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 14:21 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xA03D2A78/0x03C683DF. |
| 6/24/2020 14:21 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 14:21 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:fa700d2a94a781fc:dfe70cca0e997cd5 lifetime 86400 Sec. |
| 6/24/2020 14:21 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001, SPI:0xA03D2A78/0x03C683DF. |
| 6/24/2020 14:21 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xA03D2A78/0x03C683DF lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 14:21 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001. |
| 6/24/2020 14:21 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.133.128[27287] SPI:fa700d2a94a781fc:dfe70cca0e997cd5. |
| 6/24/2020 13:03 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD. |
| 6/24/2020 13:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8CF361D9/0x61612BD2. |
| 6/24/2020 13:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xB35B0973/0x63D3D179. |
| 6/24/2020 13:03 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:9f160462a2824601:d292b97d06459d50. |
| 6/24/2020 12:48 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D28, SPI:0x8CF361D9/0x61612BD2. |
| 6/24/2020 12:48 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8CF361D9/0x61612BD2 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 12:48 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D28. |
| 6/24/2020 12:48 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 12:48 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xAEA25B00/0xB0CC9BDC. |
| 6/24/2020 12:48 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xAEA25B00. |
| 6/24/2020 12:48 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xAEA25B00/0xB0CC9BDC. |
| 6/24/2020 12:47 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D27, SPI:0xB35B0973/0x63D3D179. |
| 6/24/2020 12:47 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xB35B0973/0x63D3D179 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 12:47 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D27. |
| 6/24/2020 12:47 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 12:47 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD5D6EBCA/0x73CB8572. |
| 6/24/2020 12:47 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xD5D6EBCA. |
| 6/24/2020 12:47 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD5D6EBCA/0x73CB8572. |
| 6/24/2020 11:48 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD7, SPI:0xAEA25B00/0xB0CC9BDC. |
| 6/24/2020 11:48 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xAEA25B00/0xB0CC9BDC lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 11:48 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD7. |
| 6/24/2020 11:48 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 11:48 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x93EE3C46/0x87F3554D. |
| 6/24/2020 11:48 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x93EE3C46. |
| 6/24/2020 11:48 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x93EE3C46/0x87F3554D. |
| 6/24/2020 11:47 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD6, SPI:0xD5D6EBCA/0x73CB8572. |
| 6/24/2020 11:47 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD5D6EBCA/0x73CB8572 lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 11:47 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD6. |
| 6/24/2020 11:47 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 11:47 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD7FBB432/0x597822DA. |
| 6/24/2020 11:47 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xD7FBB432. |
| 6/24/2020 11:47 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD7FBB432/0x597822DA. |
| 6/24/2020 10:48 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A87, SPI:0x93EE3C46/0x87F3554D. |
| 6/24/2020 10:48 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x93EE3C46/0x87F3554D lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 10:48 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A87. |
| 6/24/2020 10:48 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 10:48 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8E16C6AB/0x4B22CCEE. |
| 6/24/2020 10:48 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x8E16C6AB. |
| 6/24/2020 10:48 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8E16C6AB/0x4B22CCEE. |
| 6/24/2020 10:47 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A86, SPI:0xD7FBB432/0x597822DA. |
| 6/24/2020 10:47 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD7FBB432/0x597822DA lifetime 3600 Sec lifesize unlimited. |
| 6/24/2020 10:47 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A86. |
| 6/24/2020 10:47 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1. |
| 6/24/2020 10:47 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x917C009B/0xE60F38BF. |
| 6/24/2020 10:47 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x917C009B. |
| 6/24/2020 10:47 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x917C009B/0xE60F38BF. |
I was doing troubleshooting the tunnel is getting up around after 14PM 24/06/20 before ,that tunnel was down.
06-26-2020 01:34 PM
On Cisco equipment it will bring the tunnel down if there isn't interesting traffic that needs to traverse the tunnel. You can add vpn-idle-timeout none on the group policy you are using on your Cisco side to keep the tunnel from timing out.
06-26-2020 01:48 PM
Thanks for your quick response, it means the issue from the cisco side.
Means we need to allow continues ping from the cisco side through the tunnel?
How you identify this can you please give me some guidance from your side.
06-26-2020 02:04 PM
Hello,
Another thing you can do is setup tunnel monitoring on the Palo Alto to a device behind the Cisco that you know should always be up, i.e. a switch. What this will do is the PAN will send a ping across the tunnel to the switch. The Cisco will then see 'interesting' traffic and keep the tunnel up. Its the Cisco that will bring the tunnel down if it does not see/passing any traffic.
Hope that helps.
06-26-2020 02:12 PM
@OtakarKlier @BPry Thanks for the suggestion.
Now in this log i am not able to identify it is issue from paloalto side or cisco side.
because the remote side according to cisco team there is no issue from cisco firewall.
06-26-2020 02:15 PM
Hello,
Its not an issue, its just how the Cisco devices behave by design. They will drop the VPN if there is no traffic over it.
Hope that helps.
06-26-2020 02:22 PM
i know this is not a valid question the same question asked before, sorry to repeat again it means i need to allow continues pinging from cisco side to Paloalto side.
06-26-2020 02:24 PM
Hello,
It honestly doesnt matter which side is sending the pings. As long as they are continuous. I just suggested the Palo Alto since that is what the tunnel monitor does. If you have another system that can perform this, I say go for it.
Hope that makes sense.
06-26-2020 02:28 PM
@OtakarKlier Thank you so much appreciate your help.
I will enable tunnel monitoring.
05-29-2021 10:17 AM
Salam Aleykum,
@jafar.hussain Did you reslove the issue?
I am facing similar issue with Ikev1 between PaloAlto and Cisco Asa.
02-12-2022 04:12 AM
Samir,
If you are still not sure what to do, the responder is suggesting setting up tunnel monitoring from the PA FW to a device on the far side of the tunnel behind the Cisco device. this will create traffic and prevent the ASA from closing the tunnel due to inactivity and allowing proactive monitoring of the tunnel up/down status
Br,
Yaakov (Kobi) H
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
