11-12-2024 09:11 AM
Hi All,
I have a site to site VPN configured to client's ASA.
The VPN stays stable until the phase 2 lifetime expires and then never comes up until interesting traffic is generated from client(ASA) side.
On checking the PA logs, I see a couple of errors "IKE protocol notification message received: received notify type NON_FIRST_FRAGMENTS_ALSO" and "IKE protocol notification message received: received notify type ESP_TFC_PADDING_NOT_SUPPORTED' )".
All the parameters on both sides are the same. Please help me. Need your advice here.
11-12-2024 07:02 PM
Hello Msdphi,
IPSec is not really related to Panorama (except for pure configuration), in your case it is a tunnel getting down at expiration time, more interesting for all to post in NGFW related discussions.
From Panorama, you can configure a tunnel monitor so the regular ping may bring a new tunnel up.
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
