site-to-site VPN / no "IKE Info"

L3 Networker

Hey,

We have a couple of VPNs which have just been transitioned to the PA firewall. Under network > ipsec tunnels > the VPN status shows as up, but the "IKE info" shows as down, with no info. If I run: "show vpn ike-sa detail gateway" there is nothing listed.

If I run "test vpn ipsec-sa tunnel" it brings it up and shows:

IKE Phase1 SA:
Cookie: FFAFE29D66F1B89F:ECC8B630093A918E Init
State: Dying
Mode: Main
Authentication: PSK
Proposal: 3DES/SHA1/DH2
NAT: PEER
Message ID: 0, phase 2: 0
Phase 2 SA created : 1
Created: Jan.18 12:47:21, 1 minute 58 seconds ago
Expires: Jan.19 12:47:21

If I then run "clear vpn ipsec-sa tunnel" it reverts to the down state, and remains there until I re-run "test..."

My concern is that it shows state "Dying" and that at some point soon it will "die" and won't come back without my intervention.

Has anyone seen this, or can they please explain what this means and how to resolve?

Thanks,

Shannon


Accepted Solutions
Cyber Elite

@SARowe_NZ,

This is normal behavior depending on your tunnel setup. Here is a document that discusses what exactly is going on, but essentially your Phase 1 is down because it doesn't need to be up once Phase2 is operational.

HERE

All Replies
L3 Networker

Perfect, thank you! Surprised those articles did not come up in my searches.

L1 Bithead

You will also reset the phases if you face an issue.
