This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

site-to-site VPN / no "IKE Info"

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.

site-to-site VPN / no "IKE Info"

Go to solution
SARowe_NZ
L3 Networker

‎01-17-2018 03:56 PM

Hey,

 

We have a couple of VPN's which have just been transitioned to the PA firewall. Under network > ipsec tunnels > the VPN status shows as up, but the "IKE info" shows as down, with no info. If I run: "show vpn ike-sa detail gateway" there is nothing listed.

 

If I run "test vpn ipsec-sa tunnel" it brings it up and shows 

 

IKE Phase1 SA:
Cookie: FFAFE29D66F1B89F:ECC8B630093A918E Init
State: Dying
Mode: Main
Authentication: PSK
Proposal: 3DES/SHA1/DH2
NAT: PEER
Message ID: 0, phase 2: 0
Phase 2 SA created : 1
Created: Jan.18 12:47:21, 1 minute 58 seconds ago
Expires: Jan.19 12:47:21

 

If I then run "clear vpn ipsec-sa tunnel" it reverts to the down state, and remains there until I re-run "test..."

 

My concern is that is shows state "Dying" and that at some point soon it will "die" and won't come back without my intervention.

 

Has anyone seen this, or can they please explain what this means and how to resolve?

 

Thanks,

Shannon

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎01-18-2018 12:58 PM - edited ‎01-18-2018 12:58 PM

@SARowe_NZ,

This is normal behavior depending on your tunnel setup. Here is a document that discusses what exactly is going on, but essentially your Phase 1 is down because it doesn't need to be up once Phase2 is operational. 

 

HERE

View solution in original post

1 person found this solution to be helpful.
3 REPLIES 3

Go to solution
BPry
Cyber Elite
Cyber Elite

‎01-18-2018 12:58 PM - edited ‎01-18-2018 12:58 PM

@SARowe_NZ,

This is normal behavior depending on your tunnel setup. Here is a document that discusses what exactly is going on, but essentially your Phase 1 is down because it doesn't need to be up once Phase2 is operational. 

 

HERE

1 person found this solution to be helpful.

Go to solution
SARowe_NZ
L3 Networker
In response to BPry

‎01-18-2018 01:03 PM

Perfect thank you! Suprised those articles did not come up in my searches.

0 Likes Likes

Go to solution
Fahadvu
L1 Bithead

‎01-22-2018 03:38 AM

you will also reset the phases if you face issue.

0 Likes Likes
  • 1 accepted solution
  • 7768 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks