I am trying to troubleshoot why I am having issues with a certain VPN router device through the PA 3020 firewall, This is the message on the packet capture
ISAKMP Identity protection (main mode).
I am new to firewall and if there are any other troubleshooting methods I can use I would appreciate the advice. commands, gui anything
If firewall is just a pass through device for vpn connection, you will only see encrypted packets in the packet capture. This packet will also be one of them. From PA's perspective, you can verify if the firewall is dropping any packets from source and destination in question. If not, you will have to look for vpn end devices. If firewall is dropping packets, we can further look at the counters to see reason behind it.
Yes the VPN router just resides behind the firewall and goes through the firewall to a remote desitnation at a vendor location. The vendor say that the tunnel to our location are in an up/down state, and I am unable to ping,from command line on our server, their remote destination IP's. I am not sure if the firewall is blocking packets going in or out for sure not sure the best tool in the PA or outside the PA to determine that.
You can do packet capture on PAN for the source/destination ip of VPN end points and see if there are any drops from PAN. That should verify if you need to look into other device. Here is a link to do pcap on PAN :
Hope that helps.
Thanks those were excellent step by step instructions on doing a packet capture, so now how do I interpret the information so I know what the issue is and how to fix it
Now, if you capture the traffic between the vpn end points (source and destination) on PAN and if you see any drops, that could be of concern and we have to see why PAN is dropping the packets. If we do not see any drops, then you can look for other device that might be causing the issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!