Hi All, I'm a medior network engineer who just got into a new position where I deal with PA FWs. I face the following issue now: There is an IPSEC site-to-site VPN between my PA-850 (ver. 9.1.3) and a remote FW (I'm not sure about the remote device type). I see strange behaviours. Yesterday 3 pm the rekey happened. It finished with ikev2-nego-child-succ event and created a Child_SA. But today morning all the keys got renegotiated starting with this event: Ikev2-nego-child-start. Description: IKEv2 child SA negotiation is started as responder, rekey. Initiated SA: *local_ip*[500]-*remote_ip*[500]. After this all the child SAs for the various proxy ids got deleted and then re-installed. Note: I started the story with yesterday's rekey. That was also a chain of events like this, in which the rekey was not yet due. Our workforce is relying on this IPsec tunnel, but that is also strange that on yesterday's failure they all experienced connectivity issues while on today's one they did not. Please let me know if you have any ideas, or question. Cheers, Daniel
... View more