04-09-2025 07:57 AM
After upgrading to the pa-850 10.2.13-H3 version, problems started occurring in one of the ISPs. There are 3 ISPs, the first two main ones and the third one as a secondary ISP which manages the VPNS. After the upgrade the configuration was maintained and there were no changes (administrative and metric distance), suddenly they started to fail causing issues in the third ISP in which all VPNs go down.
The administrative distance is changed to 15 and metric 25 The main ISPs are set to AD 10 and metric 25, but it did work VPNs were down again. Until we configured everthing with the same administrative distance and metric , it started working properly.
These were the changes made
Disable default route monitoring (monitoring to 1.1.1.1 and 8.8.8.8.8) activated 2-3 weeks ago
Changed the ECMP balancing algorithm from Balanced Round Robin to IP modulo 1-2 months ago
04-09-2025 08:21 AM
Hello,
Check the logs to see what interface the traffic is trying to exit from. I'm guessing here but think it could be a routing issue or a bug. Double check the routes and open a case if everything looks correct.
Regards,
04-10-2025 05:00 PM
I already opened a case and their recommendation was to create a VPN using the peer IP address. It is weird because it was working with the same configuration previously.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
