We have a couple of VPN's which have just been transitioned to the PA firewall. Under network > ipsec tunnels > the VPN status shows as up, but the "IKE info" shows as down, with no info. If I run: "show vpn ike-sa detail gateway" there is nothing listed.
If I run "test vpn ipsec-sa tunnel" it brings it up and shows
IKE Phase1 SA:
Cookie: FFAFE29D66F1B89F:ECC8B630093A918E Init
Message ID: 0, phase 2: 0
Phase 2 SA created : 1
Created: Jan.18 12:47:21, 1 minute 58 seconds ago
Expires: Jan.19 12:47:21
If I then run "clear vpn ipsec-sa tunnel" it reverts to the down state, and remains there until I re-run "test..."
My concern is that is shows state "Dying" and that at some point soon it will "die" and won't come back without my intervention.
Has anyone seen this, or can they please explain what this means and how to resolve?
Solved! Go to Solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!