cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About ShaunaYelverton

Announcements
Attention: The LIVEcommunity is experiencing an interruption with videos in some areas. We apologize for any inconvenience this may cause. Thank you for your patience as we work towards a solution to restore videos.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ShaunaYelverton
3 weeks ago
since ‎01-10-2020
L1 Bithead
User Activity
User Profile
Latest posts by ShaunaYelverton
View All
User Badges
Public Statistics
Date Registered ‎01-10-2020 11:23 AM
Date Last Visited 3 weeks ago
Total Messages Posted 3

Re: All site to site tunnels drop

by in General Topics
‎03-06-2020 05:37 AM
‎03-06-2020 05:37 AM
We are running 9.0.5, it was a misconfiguration of the tunnel between the Sonicwalls and Palo.  They stayed up for over a week though.  Thanks for the update.   ... View more

Re: All site to site tunnels drop - Palo to Sonicwall

by in General Topics
‎03-06-2020 05:13 AM
‎03-06-2020 05:13 AM
In case anyone else is configuring PAN to Sonicwall this is how we configured. The tunnel interfaces were significantly slower and did not re-establish communication.   https://live.paloaltonetworks.com/t5/API-Articles/Create-a-VPN-from-Palo-Alto-to-Sonicwall/ta-p/55309       ... View more

All site to site tunnels drop

by in General Topics
‎03-05-2020 10:52 AM
‎03-05-2020 10:52 AM
We had an incident where we have site to site VPNs coming into the Palo.  The connection dropped and they would not come backup, even after dropping the VPN on both devices.  The end result was a reboot of the firewall and it came back up.  What I saw in the logs is pasted below.  Customer support just said "As we can see from the Ike manager logs the firewall is receiving the first packet for IKE negotiation which accepts and sends the response but its not getting the reply."  Both sides could ping each other.    Ideas? ************ ====> PHASE-1 NEGOTIATION FAILED AS RESPONDER, MAIN MODE <==== ====> Failed SA: [500] cookie:b54ae8b7fae36f5b:a2a373bfed2ef054 <==== Due to timeout. 2020-03-05 04:23:39.000 -0600 [INFO]: { 4: }: ====> PHASE-1 SA DELETED <==== ====> Deleted SA: [500] cookie:b54ae8b7fae36f5b:a2a373bfed2ef054 <==== 2020-03-05 04:23:42.974 -0600 [PNTF]: { 4: }: ====> PHASE-1 NEGOTIATION STARTED AS RESPONDER, MAIN MODE <==== ====> Initiated SA: 4[500] cookie:1589d0bc1ca8cedd:b61975bbe41105ad <==== 2020-03-05 04:23:42.975 -0600 [INFO]: { 4: }: received Vendor ID: RFC 3947 2020-03-05 04:23:42.975 -0600 [INFO]: { 4: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03 2020-03-05 04:23:42.975 -0600 [INFO]: { 4: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 2020-03-05 04:23:42.975 -0600 [INFO]: { 4: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00 2020-03-05 04:23:42.975 -0600 [INFO]: { 4: }: Selected NAT-T version: RFC 3947 2020-03-05 04:23:50.974 -0600 [INFO]: the packet is retransmitted from [500].   ... View more
Ask Questions Get Answers Join the Live Community
Contact Me
Online Status
Offline
Date Last Visited
3 weeks ago
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks