04-09-2024 01:01 PM
Hi Team,
We have an issue with an AWS Site-to-Site VPN, where we can see continuous rekeying of the Phase-2 tunnels. It's a PA-3220 HA pair. It started happening recently; previously we could see that the rekey happened only after the lifetime expired (Phase-2 lifetime set to 3600 sec on both the Palo and AWS).
This VPN has been in place for over a year without issues, and we recently started seeing these rekeys every minute.
We have checked the Phase-1 and Phase-2 settings, which are similar, and in ikemgr.log we see the following every time a REKEY happens:
2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: no more child SA to be renegotiated! Check dup IKE SA for new_sa(sn 287321)
2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: Found dup IKE SA (SN 286508) for (SN 287321)
2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: Survice IKE_SA (SN 286508)
2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: Found dup IKE SA (SN 287303) for (SN 286508)
The firewall removes the IKE SAs as duplicate IKE SAs... we see this happening continuously.
We have already deleted/recreated this and tried to clear the VPN completely, but this is still happening.
Any leads would be appreciated.
TIA!!
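The post shows a few ikemgr.log lines but does not say how to tell a genuine rekey storm from the single duplicate-SA cleanup that can legitimately happen once per lifetime. The following is an added example, not code from the post or from Palo Alto Networks: it parses log lines in the format quoted above, counts "Found dup IKE SA" events per IKE gateway id, and flags a gateway as a rekey storm when more dup-SA events than expected land inside a short sliding window (with a 3600 s lifetime, at most one lifetime-driven rekey is expected in any 10-minute window). The log-line format is assumed from the four lines in the post; the extra lines, the second gateway id (5) and all SN values other than those quoted are constructed sample data.

```python
"""Detect IPsec rekey storms from PAN-OS ikemgr.log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Line format assumed from the lines quoted in the post:
#   <date> <time>.<ms> <tz> [LEVEL]: { <gateway-id>: }: <message>
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ [+-]\d{4} "
    r"\[(?P<level>\w+)\]: \{ (?P<gw>\d+): \}: (?P<msg>.*)$"
)
# The message the firewall logs when it discards a duplicate IKE SA.
DUP_RE = re.compile(r"Found dup IKE SA \(SN (?P<old>\d+)\) for \(SN (?P<new>\d+)\)")

# Constructed sample: the four lines from the post (gateway 3) plus
# constructed follow-on lines for gateway 3 and a healthy gateway 5 whose
# dup-SA events are a full 3600 s lifetime apart.
SAMPLE_LINES = [
    "2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: no more child SA to be renegotiated! Check dup IKE SA for new_sa(sn 287321)",
    "2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: Found dup IKE SA (SN 286508) for (SN 287321)",
    "2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: Survice IKE_SA (SN 286508)",
    "2024-04-09 11:16:21.933 -0400 [INFO]: { 3: }: Found dup IKE SA (SN 287303) for (SN 286508)",
    "2024-04-09 11:17:22.101 -0400 [INFO]: { 3: }: Found dup IKE SA (SN 287330) for (SN 287345)",  # constructed
    "2024-04-09 11:18:20.554 -0400 [INFO]: { 3: }: Found dup IKE SA (SN 287345) for (SN 287360)",  # constructed
    "2024-04-09 09:15:00.000 -0400 [INFO]: { 5: }: Found dup IKE SA (SN 100001) for (SN 100002)",  # constructed
    "2024-04-09 10:15:00.000 -0400 [INFO]: { 5: }: Found dup IKE SA (SN 100002) for (SN 100003)",  # constructed
    "this line is not an ikemgr.log record",  # constructed noise, must be skipped
]


def parse_line(line):
    """Return {'ts', 'gw', 'msg'} for a well-formed ikemgr.log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "gw": int(m.group("gw")), "msg": m.group("msg")}


def dup_events(lines):
    """Yield (timestamp, gateway_id, old_sn, new_sn) for every duplicate-IKE-SA message."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        d = DUP_RE.search(rec["msg"])
        if d:
            yield rec["ts"], rec["gw"], int(d.group("old")), int(d.group("new"))


def max_events_in_window(stamps, window_s):
    """Largest number of (sorted) timestamps that fall inside any window_s-second span."""
    best, j = 0, 0
    for i in range(len(stamps)):
        while j < len(stamps) and (stamps[j] - stamps[i]).total_seconds() <= window_s:
            j += 1
        best = max(best, j - i)
    return best


def rekey_storms(lines, window_s=600, max_per_window=1):
    """Per gateway id: number of dup-SA events, the peak count inside any window, and
    whether that peak exceeds what a lifetime-driven rekey schedule would produce."""
    by_gw = defaultdict(list)
    for ts, gw, _old, _new in dup_events(lines):
        by_gw[gw].append(ts)
    report = {}
    for gw, stamps in by_gw.items():
        stamps.sort()
        peak = max_events_in_window(stamps, window_s)
        report[gw] = {
            "events": len(stamps),
            "max_in_window": peak,
            "storm": peak > max_per_window,
        }
    return report


if __name__ == "__main__":
    for gw, info in sorted(rekey_storms(SAMPLE_LINES).items()):
        state = "REKEY STORM" if info["storm"] else "ok"
        print(f"gateway {gw}: {info['events']} dup-SA events, peak {info['max_in_window']} per 10 min -> {state}")
```

Run against an exported ikemgr.log (`tail -n 5000 ikemgr.log | python3 thisfile.py` after swapping `SAMPLE_LINES` for `sys.stdin`), the report points at the gateway id in the `{ N: }` field whose dup-SA events cluster, which is the tunnel to compare Phase-2 proposals and lifetimes on against the AWS side.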