This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

VPN tunnel is getting dropped

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

VPN tunnel is getting dropped

fatboy1607
L4 Transporter

‎02-27-2015 12:11 AM

we are seeing tunnel drop with below error message.

IKE phase-1 SA is deleted SA: 1.1.1.1[500]-2.2.2.2[500] cookie:191098e4ef6db35d:eba9ee89ff200b07

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |
2 people had this problem.
0 Likes Likes
6 REPLIES 6

hshah
L6 Presenter

‎02-27-2015 08:02 AM

Hi Mandar,

This much logs are not enough to identify root cause. Please follow bellow method to get more meaningful logs.

1. open to ssh session to firewall.

2. execute "test vpn ike-vpn" on one  firewall session.

3. execute "tail follow yes mp-log ike-mgr" on another firewall session. Wait untill phase-1 is deleted.

4. Provide me output for 3.

Other option is to provide time stamp for tunnel down event and provide me full output for "less mp-log ike-mgr"

Regards,

Hardik Shah

kattaullah
L3 Networker

‎02-27-2015 08:42 AM

Hello Mandar

Below is the link to very helpful document to troubleshoot VPN connectivity issues.

How to Troubleshoot VPN Connectivity Issues

Hope that helps.

Regards

Khan

Note: Please mark any correct or helpful answers

fatboy1607
L4 Transporter
In response to hshah

‎02-28-2015 07:21 AM

DomainReceive TimeSerial #TypeThreat/Content TypeConfig VersionGenerate TimeVirtual SystemeventidfmtidmoduleSeverityDescriptionseqnoactionflags
12/27/2015 8:289.4E+09SYSTEMvpn02/27/2015 8:28ipsec-key-install00generalinformationalIPSec key installed. Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xA8E288CA/0x0C4BB904 lifetime 3600 Sec lifesize unlimited.324870x8000000000000000
12/27/2015 8:289.4E+09SYSTEMvpn02/27/2015 8:28ike-nego-p2-succ00generalinformationalIKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x9708CBA6, SPI:0xA8E288CA/0x0C4BB904.324860x8000000000000000
12/27/2015 8:289.4E+09SYSTEMvpn02/27/2015 8:28ike-nego-p2-start00generalinformationalIKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x9708CBA6.324850x8000000000000000
12/27/2015 8:239.4E+09SYSTEMvpn02/27/2015 8:23tunnel-status-up00generalinformationalTunnel BS_LSVPN_Tunnel (id:1, peer: 172.21.4.1) is up324820x8000000000000000
12/27/2015 8:219.4E+09SYSTEMvpn02/27/2015 8:21tunnel-status-up00generalinformationalTunnel BS_LSVPN_Tunnel (id:1, peer: 172.21.4.1) is up324780x8000000000000000
12/27/2015 7:299.4E+09SYSTEMvpn02/27/2015 7:29ipsec-key-install00generalinformationalIPSec key installed. Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0x945B6135/0x03995B90 lifetime 3600 Sec lifesize unlimited.324440x8000000000000000
12/27/2015 7:299.4E+09SYSTEMvpn02/27/2015 7:29ike-nego-p2-succ00generalinformationalIKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x58F37B11, SPI:0x945B6135/0x03995B90.324430x8000000000000000
12/27/2015 7:299.4E+09SYSTEMvpn02/27/2015 7:29ike-nego-p2-start00generalinformationalIKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x58F37B11.324420x8000000000000000
12/27/2015 7:299.4E+09SYSTEMvpn02/27/2015 7:29ipsec-key-delete00generalinformationalIPSec key deleted. Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xA72B82F1/0x0271C85B.324410x8000000000000000
12/27/2015 7:299.4E+09SYSTEMvpn02/27/2015 7:29ike-recv-p2-delete00generalinformationalIKE protocol IPSec SA delete message received from peer. SPI:0x0271C85B.324400x8000000000000000
12/27/2015 7:289.4E+09SYSTEMvpn02/27/2015 7:28ike-nego-p1-succ00generalinformationalIKE phase-1 negotiation is succeeded as initiator, main mode. Established SA: 203.82.55.114[500]-165.21.244.134[500] cookie:5c12ea83776817d7:b4b349404f5d0b2e lifetime 86400 Sec.324390x8000000000000000
12/27/2015 7:289.4E+09SYSTEMvpn02/27/2015 7:28ike-nego-p1-start00generalinformationalIKE phase-1 negotiation is started as initiator, main mode. Initiated SA: 203.82.55.114[500]-165.21.244.134[500] cookie:5c12ea83776817d7:0000000000000000.324380x8000000000000000
12/27/2015 7:109.4E+09SYSTEMvpn02/27/2015 7:10ike-nego-p1-delete00generalinformationalIKE phase-1 SA is deleted SA: 203.82.55.114[500]-165.21.244.134[500] cookie:191098e4ef6db35d:eba9ee89ff200b07.324190x8000000000000000
12/27/2015 7:109.4E+09SYSTEMvpn02/27/2015 7:10ike-send-p1-delete00generalinformationalIKE protocol phase-1 SA delete message sent to peer. cookie:191098e4ef6db35d:eba9ee89ff200b07.324180x8000000000000000
12/27/2015 7:109.4E+09SYSTEMvpn02/27/2015 7:10ike-nego-p1-expire00generalinformationalIKE phase-1 SA is expired SA: 203.82.55.114[500]-165.21.244.134[500] cookie:191098e4ef6db35d:eba9ee89ff200b07.324170x8000000000000000
12/27/2015 6:499.4E+09SYSTEMvpn02/27/2015 6:49ipsec-key-delete00generalinformationalIPSec key deleted. Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0x8EC49306/0x0A00A601.324120x8000000000000000
12/27/2015 6:499.4E+09SYSTEMvpn02/27/2015 6:49ike-send-p2-delete00generalinformationalIKE protocol IPSec SA delete message sent to peer. SPI:0x8EC49306.324110x8000000000000000
12/27/2015 6:489.4E+09SYSTEMvpn02/27/2015 6:48ipsec-key-install00generalinformationalIPSec key installed. Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xA72B82F1/0x0271C85B lifetime 3600 Sec lifesize unlimited.324100x8000000000000000
12/27/2015 6:489.4E+09SYSTEMvpn02/27/2015 6:48ike-nego-p2-succ00generalinformationalIKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0xB9E73AE9, SPI:0xA72B82F1/0x0271C85B.324090x8000000000000000
12/27/2015 6:489.4E+09SYSTEMvpn02/27/2015 6:48ike-nego-p2-start00generalinformationalIKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0xB9E73AE9.324080x8000000000000000
12/27/2015 6:229.4E+09SYSTEMvpn02/27/2015 6:22tunnel-status-up00generalinformationalTunnel BS_LSVPN_Tunnel (id:1, peer: 172.21.4.1) is up323960x8000000000000000
12/27/2015 6:219.4E+09SYSTEMvpn02/27/2015 6:21tunnel-status-up00generalinformationalTunnel BS_LSVPN_Tunnel (id:1, peer: 172.21.4.1) is up323920x8000000000000000
12/27/2015 5:509.4E+09SYSTEMvpn02/27/2015 5:50ipsec-key-delete00generalinformationalIPSec key deleted. Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xB321E649/0x003591D6.323790x8000000000000000
12/27/2015 5:509.4E+09SYSTEMvpn02/27/2015 5:50ike-send-p2-delete00generalinformationalIKE protocol IPSec SA delete message sent to peer. SPI:0xB321E649.323780x8000000000000000
12/27/2015 5:509.4E+09SYSTEMvpn02/27/2015 5:50ipsec-key-install00generalinformationalIPSec key installed. Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0x8EC49306/0x0A00A601 lifetime 3600 Sec lifesize unlimited.323770x8000000000000000
12/27/2015 5:509.4E+09SYSTEMvpn02/27/2015 5:50ike-nego-p2-succ00generalinformationalIKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x90AF6DAA, SPI:0x8EC49306/0x0A00A601.323760x8000000000000000
12/27/2015 5:509.4E+09SYSTEMvpn02/27/2015 5:50ike-nego-p2-start00generalinformationalIKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x90AF6DAA.323750x8000000000000000
12/27/2015 4:519.4E+09SYSTEMvpn02/27/2015 4:51ipsec-key-delete00generalinformationalIPSec key deleted. Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xAD6F2495/0x014F0B38.323490x8000000000000000
12/27/2015 4:519.4E+09SYSTEMvpn02/27/2015 4:51ike-send-p2-delete00generalinformationalIKE protocol IPSec SA delete message sent to peer. SPI:0xAD6F2495.323480x8000000000000000
12/27/2015 4:519.4E+09SYSTEMvpn02/27/2015 4:51ipsec-key-install00generalinformationalIPSec key installed. Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xB321E649/0x003591D6 lifetime 3600 Sec lifesize unlimited.323470x8000000000000000
12/27/2015 4:519.4E+09SYSTEMvpn02/27/2015 4:51ike-nego-p2-succ00generalinformationalIKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0xC4EA4E0E, SPI:0xB321E649/0x003591D6.323460x8000000000000000
12/27/2015 4:519.4E+09SYSTEMvpn02/27/2015 4:51ike-nego-p2-start00generalinformationalIKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0xC4EA4E0E.323450x8000000000000000
12/27/2015 4:229.4E+09SYSTEMvpn02/27/2015 4:22tunnel-status-up00generalinformationalTunnel BS_LSVPN_Tunnel (id:1, peer: 172.21.4.1) is up323330x8000000000000000
12/27/2015 4:209.4E+09SYSTEMvpn02/27/2015 4:20tunnel-status-up00generalinformationalTunnel BS_LSVPN_Tunnel (id:1, peer: 172.21.4.1) is up323290x8000000000000000
12/27/2015 3:529.4E+09SYSTEMvpn02/27/2015 3:52ipsec-key-delete00generalinformationalIPSec key deleted. Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0x916AA3D2/0x0D19F830.323150x8000000000000000
12/27/2015 3:529.4E+09SYSTEMvpn02/27/2015 3:52ike-send-p2-delete00generalinformationalIKE protocol IPSec SA delete message sent to peer. SPI:0x916AA3D2.323140x8000000000000000
12/27/2015 3:529.4E+09SYSTEMvpn02/27/2015 3:52ipsec-key-install00generalinformationalIPSec key installed. Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xAD6F2495/0x014F0B38 lifetime 3600 Sec lifesize unlimited.323130x8000000000000000
12/27/2015 3:529.4E+09SYSTEMvpn02/27/2015 3:52ike-nego-p2-succ00generalinformationalIKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0xE4D9C17C, SPI:0xAD6F2495/0x014F0B38.323120x8000000000000000
12/27/2015 3:529.4E+09SYSTEMvpn02/27/2015 3:52ike-nego-p2-start00generalinformationalIKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0xE4D9C17C.323110x8000000000000000
12/27/2015 2:539.4E+09SYSTEMvpn02/27/2015 2:53ipsec-key-delete00generalinformationalIPSec key deleted. Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xD6119110/0x0782FE6A.322850x8000000000000000
SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |
0 Likes Likes

fatboy1607
L4 Transporter
In response to hshah

‎02-28-2015 08:52 AM

2015-02-28 07:28:29 [INFO]: ====> PHASE-1 SA LIFETIME EXPIRED <====

====> Expired SA: 203.82.55.114[500]-165.21.244.134[500] cookie:5c12ea83776817d7:b4b349404f5d0b2e <====

2015-02-28 07:28:29 [INFO]: ====> PHASE-1 SA DELETED <====

====> Deleted SA: 203.82.55.114[500]-165.21.244.134[500] cookie:5c12ea83776817d7:b4b349404f5d0b2e <====

2015-02-28 08:03:29 [INFO]: IPsec-SA request for 165.21.244.134 queued since no phase1 found

2015-02-28 08:03:29 [PROTO_NOTIFY]: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====

====> Initiated SA: 203.82.55.114[500]-165.21.244.134[500] cookie:2df5e99ee9b8144e:0000000000000000 <====

2015-02-28 08:03:30 [INFO]: received Vendor ID: RFC 3947

2015-02-28 08:03:30 [INFO]: received Vendor ID: DPD

2015-02-28 08:03:30 [INFO]: Selected NAT-T version: RFC 3947

2015-02-28 08:03:30 [INFO]: Hashing 165.21.244.134[500] with algo #2

2015-02-28 08:03:30 [INFO]: Hashing 203.82.55.114[500] with algo #2

2015-02-28 08:03:30 [INFO]: Adding remote and local NAT-D payloads.

2015-02-28 08:03:30 [INFO]: Hashing 203.82.55.114[500] with algo #2

2015-02-28 08:03:30 [INFO]: NAT-D payload #0 verified

2015-02-28 08:03:30 [INFO]: Hashing 165.21.244.134[500] with algo #2

2015-02-28 08:03:30 [INFO]: NAT-D payload #1 verified

2015-02-28 08:03:30 [INFO]: NAT not detected

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> PHASE-1 NEGOTIATION SUCCEEDED AS INITIATOR, MAIN MODE <====

====> Established SA: 203.82.55.114[500]-165.21.244.134[500] cookie:2df5e99ee9b8144e:1c004f39f60ecd83 lifetime 86400 Sec <====

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> PHASE-2 NEGOTIATION STARTED AS INITIATOR, (QUICK MODE) <====

====> Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x6F05C64C <====

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> PHASE-2 NEGOTIATION SUCCEEDED AS INITIATOR, (QUICK MODE) <====

====> Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x6F05C64C, SPI:0xB24C20B8/0x0DF2F92C <====

2015-02-28 08:03:30 [INFO]: SADB_UPDATE ul_proto=255 src=165.21.244.134[500] dst=203.82.55.114[500] satype=ESP samode=tunl spi=0xB24C20B8 authtype=SHA1 enctype=AES128 lifetime soft time=3600 bytes=0 hard time=3600 bytes=0

2015-02-28 08:03:30 [INFO]: SADB_ADD ul_proto=255 src=203.82.55.114[500] dst=165.21.244.134[500] satype=ESP samode=tunl spi=0x0DF2F92C authtype=SHA1 enctype=AES128 lifetime soft time=3600 bytes=0 hard time=3600 bytes=0

2015-02-28 08:03:30 [INFO]: IPsec-SA established: ESP/Tunnel 165.21.244.134[500]->203.82.55.114[500] spi=2991333560(0xb24c20b8)

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> IPSEC KEY INSTALLATION SUCCEEDED <====

====> Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xB24C20B8/0x0DF2F92C lifetime 3600 Sec lifesize unlimited <====

2015-02-28 08:03:30 [INFO]: keymirror add start ++++++++++++++++

2015-02-28 08:03:30 [INFO]: keymirror add for gw 1, tn 3, selfSPI B24C20B8, retcode 0.

2015-02-28 08:03:31 [INFO]: keymirror del start ----------------

2015-02-28 08:03:31 [INFO]: keymirror del for gw 1, tn 3, selfSPI A15D4857, retcode 0.

2015-02-28 08:03:31 [PROTO_NOTIFY]: ====> IPSEC KEY DELETED <====

====> Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xA15D4857/0x09930C2C <====

2015-02-28 08:03:31 [INFO]: SADB_DELETE ul_proto=0 src=203.82.55.114[500] dst=165.21.244.134[500] satype=ESP spi=0xA15D4857

2015-02-28 08:03:31 [INFO]: received PFKEY_DELETE seq=0 satype=ESP spi=0xA15D4857

2015-02-28 08:03:40 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=2df5e99ee9b8144e 1c004f39f60ecd83 (size=16).

2015-02-28 08:03:50 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=2df5e99ee9b8144e 1c004f39f60ecd83 (size=16

2015-02-28 07:28:29 [INFO]: ====> PHASE-1 SA LIFETIME EXPIRED <====

====> Expired SA: 203.82.55.114[500]-165.21.244.134[500] cookie:5c12ea83776817d7:b4b349404f5d0b2e <====

2015-02-28 07:28:29 [INFO]: ====> PHASE-1 SA DELETED <====

====> Deleted SA: 203.82.55.114[500]-165.21.244.134[500] cookie:5c12ea83776817d7:b4b349404f5d0b2e <====

2015-02-28 08:03:29 [INFO]: IPsec-SA request for 165.21.244.134 queued since no phase1 found

2015-02-28 08:03:29 [PROTO_NOTIFY]: ====> PHASE-1 NEGOTIATION STARTED AS INITIATOR, MAIN MODE <====

====> Initiated SA: 203.82.55.114[500]-165.21.244.134[500] cookie:2df5e99ee9b8144e:0000000000000000 <====

2015-02-28 08:03:30 [INFO]: received Vendor ID: RFC 3947

2015-02-28 08:03:30 [INFO]: received Vendor ID: DPD

2015-02-28 08:03:30 [INFO]: Selected NAT-T version: RFC 3947

2015-02-28 08:03:30 [INFO]: Hashing 165.21.244.134[500] with algo #2

2015-02-28 08:03:30 [INFO]: Hashing 203.82.55.114[500] with algo #2

2015-02-28 08:03:30 [INFO]: Adding remote and local NAT-D payloads.

2015-02-28 08:03:30 [INFO]: Hashing 203.82.55.114[500] with algo #2

2015-02-28 08:03:30 [INFO]: NAT-D payload #0 verified

2015-02-28 08:03:30 [INFO]: Hashing 165.21.244.134[500] with algo #2

2015-02-28 08:03:30 [INFO]: NAT-D payload #1 verified

2015-02-28 08:03:30 [INFO]: NAT not detected

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> PHASE-1 NEGOTIATION SUCCEEDED AS INITIATOR, MAIN MODE <====

====> Established SA: 203.82.55.114[500]-165.21.244.134[500] cookie:2df5e99ee9b8144e:1c004f39f60ecd83 lifetime 86400 Sec <====

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> PHASE-2 NEGOTIATION STARTED AS INITIATOR, (QUICK MODE) <====

====> Initiated SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x6F05C64C <====

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> PHASE-2 NEGOTIATION SUCCEEDED AS INITIATOR, (QUICK MODE) <====

====> Established SA: 203.82.55.114[500]-165.21.244.134[500] message id:0x6F05C64C, SPI:0xB24C20B8/0x0DF2F92C <====

2015-02-28 08:03:30 [INFO]: SADB_UPDATE ul_proto=255 src=165.21.244.134[500] dst=203.82.55.114[500] satype=ESP samode=tunl spi=0xB24C20B8 authtype=SHA1 enctype=AES128 lifetime soft time=3600 bytes=0 hard time=3600 bytes=0

2015-02-28 08:03:30 [INFO]: SADB_ADD ul_proto=255 src=203.82.55.114[500] dst=165.21.244.134[500] satype=ESP samode=tunl spi=0x0DF2F92C authtype=SHA1 enctype=AES128 lifetime soft time=3600 bytes=0 hard time=3600 bytes=0

2015-02-28 08:03:30 [INFO]: IPsec-SA established: ESP/Tunnel 165.21.244.134[500]->203.82.55.114[500] spi=2991333560(0xb24c20b8)

2015-02-28 08:03:30 [PROTO_NOTIFY]: ====> IPSEC KEY INSTALLATION SUCCEEDED <====

====> Installed SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xB24C20B8/0x0DF2F92C lifetime 3600 Sec lifesize unlimited <====

2015-02-28 08:03:30 [INFO]: keymirror add start ++++++++++++++++

2015-02-28 08:03:30 [INFO]: keymirror add for gw 1, tn 3, selfSPI B24C20B8, retcode 0.

2015-02-28 08:03:31 [INFO]: keymirror del start ----------------

2015-02-28 08:03:31 [INFO]: keymirror del for gw 1, tn 3, selfSPI A15D4857, retcode 0.

2015-02-28 08:03:31 [PROTO_NOTIFY]: ====> IPSEC KEY DELETED <====

====> Deleted SA: 203.82.55.114[500]-165.21.244.134[500] SPI:0xA15D4857/0x09930C2C <====

2015-02-28 08:03:31 [INFO]: SADB_DELETE ul_proto=0 src=203.82.55.114[500] dst=165.21.244.134[500] satype=ESP spi=0xA15D4857

2015-02-28 08:03:31 [INFO]: received PFKEY_DELETE seq=0 satype=ESP spi=0xA15D4857

2015-02-28 08:03:40 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=2df5e99ee9b8144e 1c004f39f60ecd83 (size=16).

2015-02-28 08:03:50 [PROTO_NOTIFY]: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=2df5e99ee9b8144e 1c004f39f60ecd83 (size=16

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |
0 Likes Likes

HULK
L7 Applicator
In response to fatboy1607

‎02-28-2015 01:36 PM

Hello Mandar,

From the above mentioned logs, it looks the SA key is getting deleted pre-maturely. Hence the tunnel is trying to establish multiple times. Could you please confirm below mentioned information here:

1: what value has been set for IPSec phase-1 and Phase-2 lifetime for this VPN tunnel..?

2: could you please take a packet capture on the PAN external interface between 2 IPSec gateway IP and verify, who is initiating the ISAKMP SA deletion messages..?

3: could you please confirm, if DPD and tunnel monitoring is configured on this PAN firewall, same setting has been defined on the other end device as well...?

4: if DH key is configured on PAN for IPSec crypto, make sure same DH group has been configured on the other end firewall as well.

Thanks

0 Likes Likes

LizaRajjab
L2 Linker
In response to HULK

‎06-18-2024 11:19 PM

Hi, 

 

Can i know what is solutions for this? i also facing same issue

 

thanks

0 Likes Likes
  • 15094 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks