Site to site vpn issue

L1 Bithead

Dear Team,

I have one site-to-site VPN tunnel between Palo Alto and Cisco. Sometimes I can see the tunnel going down automatically, and after some time it comes back up automatically.

I have checked the ikemgr and system logs, but I am not able to find the exact reason why it is going up and down. Can anyone help me with this? Below are the logs.

I was troubleshooting; the tunnel came up after around 14PM on 24/06/20. Before that, the tunnel was down.

 

 

6/24/2020 15:20 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD.
6/24/2020 15:20 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:82f88aa410302a7e:0cd4c240164e1c7a.
6/24/2020 15:15 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD.
6/24/2020 15:15 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:893a8d43cd46cf82:cedaf8d37019d93e.
6/24/2020 15:13 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:4115b19237fc0d3b:ac848b7bbdba80d9 lifetime 86400 Sec.
6/24/2020 15:13 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001, SPI:0xBE6B1691/0x72E47F7D.
6/24/2020 15:13 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xBE6B1691/0x72E47F7D lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:13 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001.
6/24/2020 15:13 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.215.137[55278] SPI:4115b19237fc0d3b:ac848b7bbdba80d9.
6/24/2020 15:13 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xE64F9FE7/0x3E766B40.
6/24/2020 15:13 | ikev2-recv-p1-delete | HQ-plant-IKE | IKEv2 IKE SA delete message received from peer. SPI:bccbed4264d88891:8756afa854724cad.
6/24/2020 15:13 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000004, SPI:0xE64F9FE7/0x3E766B40.
6/24/2020 15:13 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xE64F9FE7/0x3E766B40 lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:13 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000004.
6/24/2020 15:13 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 15:13 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xFBE8A6C9/0x58CD17E4.
6/24/2020 15:13 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 15:13 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xE1372475/0x0C97DEA4.
6/24/2020 15:13 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xE1372475.
6/24/2020 15:13 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:bccbed4264d88891:8756afa854724cad lifetime 86400 Sec.
6/24/2020 15:13 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001, SPI:0xFBE8A6C9/0x58CD17E4.
6/24/2020 15:13 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.215.137[56026] SPI:0xFBE8A6C9/0x58CD17E4 lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:13 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.215.137[56026] message id:0x00000001.
6/24/2020 15:13 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.215.137[55278] SPI:bccbed4264d88891:8756afa854724cad.
6/24/2020 15:10 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD.
6/24/2020 15:10 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:fd353250019500f5:105e4ef193bc6908.
6/24/2020 15:08 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:82f88aa410302a7e:0cd4c240164e1c7a lifetime 86400 Sec.
6/24/2020 15:08 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001, SPI:0xE1372475/0x0C97DEA4.
6/24/2020 15:08 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xE1372475/0x0C97DEA4 lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:08 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001.
6/24/2020 15:08 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.209.95[36586] SPI:82f88aa410302a7e:0cd4c240164e1c7a.
6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xF1819832/0x72F22F2B.
6/24/2020 15:08 | ikev2-recv-p1-delete | HQ-plant-IKE | IKEv2 IKE SA delete message received from peer. SPI:6bfbe5c97d2636ba:d7da72ea46fa021b.
6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0x8CBD5A29/0x3A1FDE07.
6/24/2020 15:08 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x8CBD5A29.
6/24/2020 15:08 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000004, SPI:0xF1819832/0x72F22F2B.
6/24/2020 15:08 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xF1819832/0x72F22F2B lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:08 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000004.
6/24/2020 15:08 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xB95CCBB4/0x1C0341EC.
6/24/2020 15:08 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 15:08 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0xDE1ACEB9/0x5C110CE5.
6/24/2020 15:08 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xDE1ACEB9.
6/24/2020 15:08 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:6bfbe5c97d2636ba:d7da72ea46fa021b lifetime 86400 Sec.
6/24/2020 15:08 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001, SPI:0xB95CCBB4/0x1C0341EC.
6/24/2020 15:08 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.209.95[37854] SPI:0xB95CCBB4/0x1C0341EC lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:08 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.209.95[37854] message id:0x00000001.
6/24/2020 15:08 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.209.95[36586] SPI:6bfbe5c97d2636ba:d7da72ea46fa021b.
6/24/2020 15:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0x91C63031/0x471A6122.
6/24/2020 15:03 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x91C63031.
6/24/2020 15:03 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000002, SPI:0x8CBD5A29/0x3A1FDE07.
6/24/2020 15:03 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0x8CBD5A29/0x3A1FDE07 lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:03 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000002.
6/24/2020 15:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xE8E16610/0x2D1D71E1.
6/24/2020 15:03 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xE8E16610.
6/24/2020 15:03 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:893a8d43cd46cf82:cedaf8d37019d93e lifetime 86400 Sec.
6/24/2020 15:03 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000001, SPI:0xDE1ACEB9/0x5C110CE5.
6/24/2020 15:03 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.199.212[12628] SPI:0xDE1ACEB9/0x5C110CE5 lifetime 3600 Sec lifesize unlimited.
6/24/2020 15:03 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.199.212[12628] message id:0x00000001.
6/24/2020 15:03 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-37.211.199.212[11296] SPI:893a8d43cd46cf82:cedaf8d37019d93e.
6/24/2020 14:22 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000002, SPI:0x91C63031/0x471A6122.
6/24/2020 14:22 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0x91C63031/0x471A6122 lifetime 3600 Sec lifesize unlimited.
6/24/2020 14:22 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000002.
6/24/2020 14:21 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:fd353250019500f5:105e4ef193bc6908 lifetime 86400 Sec.
6/24/2020 14:21 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001, SPI:0xE8E16610/0x2D1D71E1.
6/24/2020 14:21 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xE8E16610/0x2D1D71E1 lifetime 3600 Sec lifesize unlimited.
6/24/2020 14:21 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001.
6/24/2020 14:21 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.133.128[26378] SPI:fd353250019500f5:105e4ef193bc6908.
6/24/2020 14:21 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xEAC183EE/0x6CCCB216.
6/24/2020 14:21 | ikev2-recv-p1-delete | HQ-plant-IKE | IKEv2 IKE SA delete message received from peer. SPI:fa700d2a94a781fc:dfe70cca0e997cd5.
6/24/2020 14:21 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000004, SPI:0xEAC183EE/0x6CCCB216.
6/24/2020 14:21 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xEAC183EE/0x6CCCB216 lifetime 3600 Sec lifesize unlimited.
6/24/2020 14:21 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000004.
6/24/2020 14:21 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 14:21 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xA03D2A78/0x03C683DF.
6/24/2020 14:21 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 14:21 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:fa700d2a94a781fc:dfe70cca0e997cd5 lifetime 86400 Sec.
6/24/2020 14:21 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001, SPI:0xA03D2A78/0x03C683DF.
6/24/2020 14:21 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-176.203.133.128[26592] SPI:0xA03D2A78/0x03C683DF lifetime 3600 Sec lifesize unlimited.
6/24/2020 14:21 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-176.203.133.128[26592] message id:0x00000001.
6/24/2020 14:21 | ikev2-nego-ike-start | HQ-plant-IKE | IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[500]-176.203.133.128[27287] SPI:fa700d2a94a781fc:dfe70cca0e997cd5.
6/24/2020 13:03 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD.
6/24/2020 13:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8CF361D9/0x61612BD2.
6/24/2020 13:03 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xB35B0973/0x63D3D179.
6/24/2020 13:03 | ikev2-nego-stale-p2 | HQ-plant-IKE | Deleting a possible stale IKEv2 child SA. SPI:9f160462a2824601:d292b97d06459d50.
6/24/2020 12:48 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D28, SPI:0x8CF361D9/0x61612BD2.
6/24/2020 12:48 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8CF361D9/0x61612BD2 lifetime 3600 Sec lifesize unlimited.
6/24/2020 12:48 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D28.
6/24/2020 12:48 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 12:48 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xAEA25B00/0xB0CC9BDC.
6/24/2020 12:48 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xAEA25B00.
6/24/2020 12:48 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xAEA25B00/0xB0CC9BDC.
6/24/2020 12:47 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D27, SPI:0xB35B0973/0x63D3D179.
6/24/2020 12:47 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xB35B0973/0x63D3D179 lifetime 3600 Sec lifesize unlimited.
6/24/2020 12:47 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000D27.
6/24/2020 12:47 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 12:47 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD5D6EBCA/0x73CB8572.
6/24/2020 12:47 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xD5D6EBCA.
6/24/2020 12:47 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD5D6EBCA/0x73CB8572.
6/24/2020 11:48 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD7, SPI:0xAEA25B00/0xB0CC9BDC.
6/24/2020 11:48 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xAEA25B00/0xB0CC9BDC lifetime 3600 Sec lifesize unlimited.
6/24/2020 11:48 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD7.
6/24/2020 11:48 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 11:48 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x93EE3C46/0x87F3554D.
6/24/2020 11:48 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x93EE3C46.
6/24/2020 11:48 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x93EE3C46/0x87F3554D.
6/24/2020 11:47 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD6, SPI:0xD5D6EBCA/0x73CB8572.
6/24/2020 11:47 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD5D6EBCA/0x73CB8572 lifetime 3600 Sec lifesize unlimited.
6/24/2020 11:47 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000BD6.
6/24/2020 11:47 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 11:47 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD7FBB432/0x597822DA.
6/24/2020 11:47 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0xD7FBB432.
6/24/2020 11:47 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD7FBB432/0x597822DA.
6/24/2020 10:48 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A87, SPI:0x93EE3C46/0x87F3554D.
6/24/2020 10:48 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x93EE3C46/0x87F3554D lifetime 3600 Sec lifesize unlimited.
6/24/2020 10:48 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A87.
6/24/2020 10:48 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 10:48 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8E16C6AB/0x4B22CCEE.
6/24/2020 10:48 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x8E16C6AB.
6/24/2020 10:48 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x8E16C6AB/0x4B22CCEE.
6/24/2020 10:47 | ikev2-nego-child-succ | HQ-plant-IKE | IKEv2 child SA negotiation is succeeded as responder, non-rekey. Established SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A86, SPI:0xD7FBB432/0x597822DA.
6/24/2020 10:47 | ipsec-key-install | HQ-plant-IKE | IPSec key installed. Installed SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0xD7FBB432/0x597822DA lifetime 3600 Sec lifesize unlimited.
6/24/2020 10:47 | ikev2-nego-child-start | HQ-plant-IKE | IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 172.17.250.1[4500]-37.211.196.214[29240] message id:0x00000A86.
6/24/2020 10:47 | ikev2-recv-p2-delete | HQ-plant-IKE | IKEv2 IPSec SA delete message received from peer. Protocol ESP, Num of SPI: 1.
6/24/2020 10:47 | ipsec-key-delete | HQ-plant-IKE | IPSec key deleted. Deleted SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x917C009B/0xE60F38BF.
6/24/2020 10:47 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-2 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x917C009B.
6/24/2020 10:47 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 172.17.250.1[4500]-37.211.196.214[29240] SPI:0x917C009B/0xE60F38BF.

 


 

Cyber Elite

Re: Site to site vpn issue

@jafar.hussain,

On Cisco equipment it will bring the tunnel down if there isn't interesting traffic that needs to traverse the tunnel. You can add vpn-idle-timeout none on the group policy you are using on your Cisco side to keep the tunnel from timing out. 

L1 Bithead

Re: Site to site vpn issue

@BPry 

Thanks for your quick response. It means the issue is from the Cisco side.

Does this mean we need to allow continuous ping from the Cisco side through the tunnel?

How do you identify this? Can you please give me some guidance from your side?

Cyber Elite

Re: Site to site vpn issue

Hello,

Another thing you can do is set up tunnel monitoring on the Palo Alto to a device behind the Cisco that you know should always be up, i.e. a switch. What this will do is the PAN will send a ping across the tunnel to the switch. The Cisco will then see 'interesting' traffic and keep the tunnel up. It's the Cisco that will bring the tunnel down if it is not seeing/passing any traffic.

 

Hope that helps.

L1 Bithead

Re: Site to site vpn issue

@OtakarKlier @BPry  Thanks for the suggestion.

Now, in this log I am not able to identify whether it is an issue from the Palo Alto side or the Cisco side, because according to the Cisco team on the remote side there is no issue with the Cisco firewall.
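
An added example, not part of any post in this thread: one way to approach the "which side is tearing the tunnel down" question is to tally the teardown events in the system log by who triggered them and to list the peer address seen on each new IKE SA. The event IDs are the ones in the log posted above; the sample lines, the 192.0.2.x/198.51.100.x addresses and the cause labels are constructed for this example.

```python
import re
from collections import Counter

# Event IDs copied from the log in this thread; the cause labels are this
# example's own reading of each event, not PAN-OS terminology.
TEARDOWN_EVENTS = {
    "ikev2-nego-ike-dpd-dn": "local: DPD got no reply from peer",
    "ikev2-recv-p1-delete": "peer: sent IKE SA delete",
    "ikev2-recv-p2-delete": "peer: sent IPSec SA delete",
    "ikev2-send-p2-delete": "local: sent IPSec SA delete",
    "ipsec-key-expire": "lifetime: IPSec key expired",
}
IKE_UP_EVENT = "ikev2-nego-ike-succ"

TIMESTAMP = re.compile(r"^\s*(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2})")
# Matches "<local>[port]-<peer>[port]" as printed after "Established SA:".
ENDPOINTS = re.compile(r"(\d+(?:\.\d+){3})\[\d+\]-(\d+(?:\.\d+){3})\[\d+\]")

# Constructed sample, newest entry first like the posted log. The third line
# is deliberately left with its columns run together, as in a raw paste.
SAMPLE_LOG = """\
6/24/2020 15:10 | ikev2-nego-ike-dpd-dn | HQ-plant-IKE | IKEv2 IKE SA is down determined by DPD.
6/24/2020 15:08 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 192.0.2.1[4500]-198.51.100.20[37854] SPI:1111111111111111:2222222222222222 lifetime 86400 Sec.
6/24/2020 15:08ikev2-recv-p1-deleteHQ-plant-IKEIKEv2 IKE SA delete message received from peer. SPI:3333333333333333:4444444444444444.
6/24/2020 15:03 | ikev2-send-p2-delete | HQ-plant-IKE:Proxy-1 | IKEv2 IPSec SA delete message sent to peer. Protocol:ESP, SPI:0x55555555.
6/24/2020 14:21 | ikev2-nego-ike-succ | HQ-plant-IKE | IKEv2 IKE SA negotiation is succeeded as responder, non-rekey. Established SA: 192.0.2.1[4500]-198.51.100.10[26592] SPI:3333333333333333:4444444444444444 lifetime 86400 Sec.
6/24/2020 12:48 | ipsec-key-expire | HQ-plant-IKE | IPSec key lifetime expired. Expired SA: 192.0.2.1[4500]-198.51.100.10[26592] SPI:0x66666666/0x77777777.
"""


def summarize(log_text, newest_first=True):
    """Count teardown causes and list peer-address changes across IKE SAs."""
    lines = [ln for ln in log_text.splitlines() if TIMESTAMP.match(ln)]
    if newest_first:
        lines.reverse()  # walk the log in chronological order

    causes = Counter()
    peers = []  # (timestamp, peer_ip), appended whenever the peer IP changes
    for line in lines:
        stamp = TIMESTAMP.match(line).group(1)
        # Substring match so that pasted lines with fused columns still parse.
        for event, cause in TEARDOWN_EVENTS.items():
            if event in line:
                causes[cause] += 1
                break
        if IKE_UP_EVENT in line:
            match = ENDPOINTS.search(line)
            if match and (not peers or peers[-1][1] != match.group(2)):
                peers.append((stamp, match.group(2)))
    return {"teardowns": dict(causes), "peer_addresses": peers}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for cause, count in sorted(report["teardowns"].items()):
        print(f"{count:3d}  {cause}")
    for stamp, peer in report["peer_addresses"]:
        print(f"{stamp}  IKE SA established with peer {peer}")
```

Fed the full log instead of the sample, the same summary separates deletes sent by the peer from DPD timeouts detected locally and shows each time a new IKE SA came from a different peer address.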

 

Cyber Elite

Re: Site to site vpn issue

Hello,

It's not an issue, it's just how the Cisco devices behave by design. They will drop the VPN if there is no traffic over it.

 

Hope that helps.

L1 Bithead

Re: Site to site vpn issue

@OtakarKlier 

I know this is not a valid question, as the same question was asked before; sorry to repeat it again. Does it mean I need to allow continuous pinging from the Cisco side to the Palo Alto side?

Cyber Elite

Re: Site to site vpn issue

Hello,

It honestly doesn't matter which side is sending the pings, as long as they are continuous. I just suggested the Palo Alto since that is what the tunnel monitor does. If you have another system that can perform this, I say go for it.

 

Hope that makes sense.

L1 Bithead

Re: Site to site vpn issue

@OtakarKlier Thank you so much, I appreciate your help.

I will enable tunnel monitoring.
