02-20-2017 11:32 PM
Hey all,
I have 2 sites with 2 VPN tunnels between them (different ISPs), and on top of the VPN I am running OSPF.
For some reason I often see that the IKE Gateway status is RED, but over SSH I do see that I have an IKE-SA.
What I notice is that after I run "test vpn ike-sa gateway Boston-HOT" on one PA the status goes to GREEN; after I run "clear vpn ike-sa gateway Boston-HOT" it goes to RED, but I still have the IKE-SA between the PAs. Also, while "RED", the OSPF peer still seems to be available using both of the tunnel interfaces.
Does this make sense?
02-21-2017 12:04 AM - edited 02-21-2017 12:04 AM
The situation when phase 1 has expired and phase 2 is alive (and VPN working) is normal:
"test vpn ike-sa gateway Boston-HOT" tries to establish phase 1, so that will make it go green (if parameters are ok).
"clear vpn ike-sa gateway Boston-HOT" will delete phase 1 but leaves phase 2 as it is. So yeah, this will make phase 1 red again but leave phase 2 and SA as it is.
02-21-2017 01:02 AM - edited 02-21-2017 07:54 AM