- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-13-2024 12:12 PM
I have 2 sites, each with a virtual ION. Each has 2 WAN interfaces, behind NAT, and a pair of tunnels to Prisma Access. Site1 is fine and both tunnels are up. Site 2 was fine but at some point one of the tunnels went down.
I cannot figure out what could be the issue as their appears to be limited logging or IKE/IPsec debugging. I can see the from the CLI the down tunnel is in the "tunnel_bring_up" state. Internet from both interfaces works and I can ping tunnel endpoint from either WAN interface.
These tunnels were auto created using the "Connect to Prisma Access" feature and both have the same tunnel endpoint IP. Site 1 is configured in a similar fashion and is up.
Any ideas where to look next?
07-13-2024 12:17 PM
So the virtual ion is behind a palo FW and the session state was stale I think. I cleared the session from the Palo and the tunnel came up.
07-13-2024 12:17 PM
So the virtual ion is behind a palo FW and the session state was stale I think. I cleared the session from the Palo and the tunnel came up.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!