Hello everybody,

I'm having a weird issue with VPNs between a Palo Alto Cloud Firewall (PanOS 9.1.3h) and Cisco Meraki Z3. All VPN tunnels are established properly, but after a random period of time during the rekey step, a tunnel stays online, but network traffic can't be sent anymore. We are currently having 5 of these connections with the same issues.

I was able to capture a log, but I'm not able to troubleshoot it. Did some anonymization, see link attached.

LOG

On the Meraki site/log, you can see that there are two steps happening repeatedly on a working tunnel:

inbound CHILD_SA
outbound CHILD_SA

At the time the error occurs, the outbound step is missing. Any ideas?

Here are the tunnel settings

IKEv2

On Palo side

IPSec Crypto profile
IPSec Protocol: ESP
DH group: 2
LT: 1h
Encryption: aes-256-gcm/cbc
Authentication: sha256

IKE Crypto profile
DH Group: group2
Encryption: aes-256-cbc
Authentication: sha 256
Key LT: 8h
IKEv2 Authentication Multiple: 5

On Meraki side

Phase1
Encryption: AES 256
Authentication: SHA256
Pseudo-random Function: Defaults to Authentication
Diffie-Hellman group: 2
Lifetime (sec): 28800

Phase2
Encryption: AES 256
Authentication: SHA256
PFS group: 2
Lifetime (sec): 3600

Palo Alto IKE GW Options
Passive mode: Enabled
NAT-T: Enabled

Advanced Option
Strict Cookie Validation: turned off
Liveness Check Interval (sec): 5
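One way to locate the symptom described in the post above in an exported log, as an added example that is not part of the original post: it flags every inbound CHILD_SA entry that is not followed by an outbound CHILD_SA entry for the same peer within a few seconds. The log line layout, the `peer=` field, the 10-second window and the sample lines are assumptions; only the two CHILD_SA markers come from the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. Timestamp layout, the peer= field and the trailing
# text are assumptions; only the two CHILD_SA markers come from the post.
SAMPLE_LOG = """\
2020-08-01 10:00:00 peer=198.51.100.10 inbound CHILD_SA established
2020-08-01 10:00:00 peer=198.51.100.10 outbound CHILD_SA established
2020-08-01 10:52:11 peer=198.51.100.10 inbound CHILD_SA established
2020-08-01 10:52:11 peer=198.51.100.10 outbound CHILD_SA established
2020-08-01 11:44:30 peer=198.51.100.10 inbound CHILD_SA established
2020-08-01 12:36:02 peer=198.51.100.10 inbound CHILD_SA established
2020-08-01 12:36:03 peer=198.51.100.10 outbound CHILD_SA established
"""

LINE_RE = re.compile(r"^(\S+ \S+) peer=(\S+) .*?\b(inbound|outbound) CHILD_SA\b")


def find_unpaired_inbound(log_text, window=timedelta(seconds=10)):
    """Return [(timestamp, peer)] for every inbound CHILD_SA entry that has no
    outbound CHILD_SA entry for the same peer within `window`."""
    pending = {}    # peer -> time of an inbound entry still waiting for its outbound
    unpaired = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue    # unrelated log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        peer, direction = m.group(2), m.group(3)
        prev = pending.pop(peer, None)
        if direction == "inbound":
            if prev is not None:    # a second inbound arrived before any outbound
                unpaired.append((prev, peer))
            pending[peer] = ts
        elif prev is not None and ts - prev > window:
            unpaired.append((prev, peer))   # outbound came too late to be the pair
    # Inbound entries still open when the log ends never got their outbound.
    unpaired.extend((ts, peer) for peer, ts in pending.items())
    return sorted(unpaired)


if __name__ == "__main__":
    for ts, peer in find_unpaired_inbound(SAMPLE_LOG):
        print(f"{ts.isoformat()} {peer}: inbound CHILD_SA without outbound CHILD_SA")
```

The flagged timestamps mark the rekeys to compare against the firewall-side logs for the same moment.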