VPN Palo Alto<->Cisco router issue

Hi,

We have a VPN between a PA and a Cisco router. The VPN is up, but we are seeing strange behaviour with the Phase 1 lifetime.

When the Phase 1 lifetime expires (24 hours), Phase 1 goes down on the Cisco side, and we need to renegotiate Phase 1 in order to bring it up again. These are the events:

 

2020-03-02 12:05:13 [INFO]: ====> PHASE-1 SA LIFETIME EXPIRED <====
====> Expired SA: 1.1.1.1[500]-2.2.2.2[500] cookie:92d6267d5c224c97:fead51a58acac9ee <====
2020-03-02 12:05:13 [INFO]: ====> PHASE-1 SA DELETED <====
====> Deleted SA: 1.1.1.1[500]-2.2.2.2[500] cookie:92d6267d5c224c97:fead51a58acac9ee <====
2020-03-02 12:05:13 [PROTO_ERR]: Informational exchange received from unknown peer.
2020-03-02 12:05:13 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d0c0ffc7ac0c9b69 af758d9ad410ecec (size=16).
2020-03-02 12:05:17 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=f13db2278e1b896c e2a85802cec1c124 (size=16).
2020-03-02 12:05:23 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d0c0ffc7ac0c9b69 af758d9ad410ecec (size=16).
2020-03-02 12:05:27 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=f13db2278e1b896c e2a85802cec1c124 (size=16).
2020-03-02 12:05:33 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d0c0ffc7ac0c9b69 af758d9ad410ecec (size=16).
2020-03-02 12:05:37 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=f13db2278e1b896c e2a85802cec1c124 (size=16).
2020-03-02 12:05:43 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d0c0ffc7ac0c9b69 af758d9ad410ecec (size=16).
2020-03-02 12:05:47 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=f13db2278e1b896c e2a85802cec1c124 (size=16).
2020-03-02 12:05:52 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d0c0ffc7ac0c9b69 af758d9ad410ecec (size=16).
2020-03-02 12:05:57 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=f13db2278e1b896c e2a85802cec1c124 (size=16).
2020-03-02 12:05:58 [PROTO_NOTIFY]: ====> PHASE-1 NEGOTIATION STARTED AS RESPONDER, MAIN MODE <====

We have DPD enabled with default parameters. Do you have any idea about this issue in Phase 1?

@jesuscano,

The actual error that you have in the logs doesn't point to any one specific issue, but generally it means that there is some sort of configuration mismatch between the two peers. The Cisco logs would actually be the better place to troubleshoot this, as you can see that the PAN isn't getting any response to the R-U-THERE messages that you would expect. 
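
Added example, not part of the original thread: a Python script that reads log text in the format quoted in the question and reports, for each Phase 1 lifetime expiry, how long it took until negotiation restarted and which cookie pairs the R-U-THERE notifications carried in that window. The function name and record fields are made up for this example, and 36137 as the R-U-THERE-ACK notify type is taken from RFC 3706, not from the thread.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: a shortened copy of the log lines quoted in the question.
SAMPLE_LOG = """\
2020-03-02 12:05:13 [INFO]: ====> PHASE-1 SA LIFETIME EXPIRED <====
====> Expired SA: 1.1.1.1[500]-2.2.2.2[500] cookie:92d6267d5c224c97:fead51a58acac9ee <====
2020-03-02 12:05:13 [PROTO_ERR]: Informational exchange received from unknown peer.
2020-03-02 12:05:13 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d0c0ffc7ac0c9b69 af758d9ad410ecec (size=16).
2020-03-02 12:05:17 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=f13db2278e1b896c e2a85802cec1c124 (size=16).
2020-03-02 12:05:23 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=d0c0ffc7ac0c9b69 af758d9ad410ecec (size=16).
2020-03-02 12:05:58 [PROTO_NOTIFY]: ====> PHASE-1 NEGOTIATION STARTED AS RESPONDER, MAIN MODE <====
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[(\w+)\]: (.*)$")
COOKIE = re.compile(r"Expired SA: .*cookie:([0-9a-f]{16}):([0-9a-f]{16})")
NOTIFY = re.compile(r"notification message (\d+):.*spi=([0-9a-f]{16}) ([0-9a-f]{16})")
R_U_THERE, R_U_THERE_ACK = "36136", "36137"  # DPD notify types from RFC 3706

def phase1_gaps(log_text):
    """Return one record per Phase 1 lifetime expiry, closed by the next negotiation start."""
    gaps, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # continuation line without a timestamp
            c = COOKIE.search(raw)
            if c and cur and not cur["cookie"]:
                cur["cookie"] = c.group(1) + ":" + c.group(2)
            continue
        ts, msg = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(3)
        if "PHASE-1 SA LIFETIME EXPIRED" in msg:
            cur = {"expired": ts, "cookie": None, "gap_s": None,
                   "r_u_there": Counter(), "acks": 0, "unknown_peer": 0}
            gaps.append(cur)
        elif cur is None or cur["gap_s"] is not None:
            continue  # not inside an open expiry window
        elif "PHASE-1 NEGOTIATION STARTED" in msg:
            cur["gap_s"] = int((ts - cur["expired"]).total_seconds())
        elif "received from unknown peer" in msg:
            cur["unknown_peer"] += 1
        else:
            n = NOTIFY.search(msg)
            if n and n.group(1) == R_U_THERE:
                cur["r_u_there"][n.group(2) + ":" + n.group(3)] += 1
            elif n and n.group(1) == R_U_THERE_ACK:
                cur["acks"] += 1
    return gaps
```

Calling `phase1_gaps(SAMPLE_LOG)` gives one record with a 45-second gap, no R-U-THERE-ACK entries, and R-U-THERE cookie pairs that differ from the cookie of the expired SA.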
