VPN tunnels failed to come up

Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN tunnels failed to come up

L0 Member

Good afternoon everyone. Earlier today we had a failure of our VPN tunnel to one of our medical application servers in the cloud. The server is hosted by a 3rd party and we have VPN tunnels built to it from our locations. At 7:48 am this morning our IKE phase one failed with the following message. "IKE phase-1 negotiation is started as responder, main mode. Failed SA: x.x.x.x[500]-x.x.x.x[500] cookie:xxxxxxxxxxxxxxxxxxxxxxxx. Due to timeout. After opening a ticket with the 3rd party to have them look at their end of the tunnel, I proceeded to clear vpn ike-sa gateway and clear vpn ipsec-sa tunnel from the firewall and then used the test vpn commands to spin the tunnels back up. I still received the same error message as before. I then went in and cleared all sessions that had anything to do with my tunnel and that still did not help. As a last resort, I remotely rebooted the firewall, (I am about 1 1/2 hours from this location). After the reboot, the tunnel came back up and began to work. Has anyone else ever seen this issue before?

  • 0 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!