About netsupport1

Hi guys, No luck on either front, this is crazy! Do you think making a new drive for panlogs will work? ... View more

Thanks Panos, Ill try again this morning just to make sure, Thanks Parmas, I have rebooted it several times to no avail, is there any way i can attach another drive in VMWare workstation for traffic logs? regards warren ... View more

Hi Panos, Yeah already tried that unfortunately, is this a common issue with the VM? Regards Warren ... View more

Thanks for your help Hulk, but that doesn't show any output Anyone else got any ideas? ... View more

Hi Hulk, I tried them all this morning with no luck.... Sorry ;-( Oh and this is a LAB not a production network, so i can do anything Is there a command to watch traffic logs live in CLI? ... View more

admin@PA-VM> show session all -------------------------------------------------------------------------------- ID          Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[Port]) Vsys                                          Dst[Dport]/Zone (translated IP[Port]) -------------------------------------------------------------------------------- 901          ping           ACTIVE  FLOW       172.16.2.100[30501]/Outside/1  (172.16.2.100[30501]) vsys1                                          172.16.1.100[18]/Inside  (172.16.1.100[18]) 351          ciscovpn       ACTIVE  FLOW       192.168.3.2[500]/Outside/17  (192.168.3.2[500]) vsys1                                          192.168.3.100[500]/Outside  (192.168.3.100[500]) 825          ipsec-esp      ACTIVE  TUNN       192.168.3.2[5378]/Outside/50  (192.168.3.2[52372]) vsys1                                          192.168.3.100[63229]/Outside  (192.168.3.100[4975]) 898          ping           ACTIVE  FLOW       172.16.2.100[30245]/Outside/1  (172.16.2.100[30245]) vsys1                                          172.16.1.100[17]/Inside  (172.16.1.100[17]) 896          ping           ACTIVE  FLOW       172.16.2.100[29221]/Outside/1  (172.16.2.100[29221]) vsys1                                          172.16.1.100[14]/Inside  (172.16.1.100[14]) 897          ping           ACTIVE  FLOW       172.16.2.100[29733]/Outside/1  (172.16.2.100[29733]) vsys1                                          172.16.1.100[15]/Inside  (172.16.1.100[15]) 899          ping           ACTIVE  FLOW       172.16.2.100[29989]/Outside/1  (172.16.2.100[29989]) vsys1                                          172.16.1.100[16]/Inside  (172.16.1.100[16]) admin@PA-VM> show session id 901 Session             901         c2s flow:                 source:      172.16.2.100 [Outside]                 dst:         172.16.1.100                 proto:       1                 sport:       30501           dport:      18                 state:       ACTIVE          type:       FLOW                 src user:    unknown                 dst user:    unknown         s2c flow:                 source:      172.16.1.100 [Inside]                 dst:         172.16.2.100                 proto:       1                 sport:       18              dport:      30501                 state:       ACTIVE          type:       FLOW                 src user:    unknown                 dst user:    unknown         start time                           : Thu Dec 18 02:53:02 2014         timeout                              : 6 sec         time to live                         : 1 sec         total byte count(c2s)                : 98         total byte count(s2c)                : 98         layer7 packet count(c2s)             : 1         layer7 packet count(s2c)             : 1         vsys                                 : vsys1         application                          : ping         rule                                 : Outside in         session to be logged at end          : True         session in session ager              : True         session updated by HA peer           : False         layer7 processing                    : enabled         URL filtering enabled                : False         session via syn-cookies              : False         session terminated on host           : False         session traverses tunnel             : True         captive portal session               : False         ingress interface                    : tunnel.1         egress interface                     : ethernet1/1         session QoS rule                     : N/A (class 4)         end-reason                           : unknown admin@PA-VM> And the rule; ... View more

I ran a packet capture for all stages, all are picking up packets; ... View more

Hi again HULK! admin@PA-VM> show log traffic direction equal backward Time                App             From            Src Port          Source Rule                Action          To              Dst Port          Destination                     Src User        Dst User        End Reason =============================================================================== admin@PA-VM> ... View more

Hi Parmas, Yep they are very simple; permit all from in to out and out to in, this is just a lab, all rules logging at session start and end. ... View more

Hi Csharma, admin@PA-VM> debug log-receiver statistics Logging statistics ------------------------------ ----------- Log incoming rate:             0/sec Log written rate:              0/sec Corrupted packets:             0 Corrupted URL packets:         0 Corrupted HTTP HDR packets:    0 Logs discarded (queue full):   0 Traffic logs written:          380 URL logs written:              0 Wildfire logs written:         0 Anti-virus logs written:       0 Widfire Anti-virus logs written: 0 Spyware logs written:          0 Attack logs written:           0 Vulnerability logs written:    0 Fileext logs written:          0 URL cache age out count:       0 URL cache full count:          0 URL cache key exist count:     0 URL cache wrt incomplete http hdrs count: 0 URL cache rcv http hdr before url count: 0 URL cache full drop count(url log not received): 0 URL cache age out drop count(url log not received): 0 Traffic alarms dropped due to sysd write failures: 0 Traffic alarms dropped due to global rate limiting: 0 Traffic alarms dropped due to each source rate limiting: 0 Traffic alarms generated count:  0 Log Forward count:             0 Log Forward discarded (queue full) count: 0 Log Forward discarded (send error) count: 0 Summary Statistics: Num current drop entries in trsum:0 Num cumulative drop entries in trsum:0 Num current drop entries in thsum:0 Num cumulative drop entries in thsum:0 External Forwarding stats:       Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send Rate(last 1min)     syslog              0              0              0              0                        0       snmp              0              0              0              0                        0      email              0              0              0              0                        0        raw              0              0              0              0                        0 admin@PA-VM> debug log-receiver statistics Logging statistics ------------------------------ ----------- Log incoming rate:             0/sec Log written rate:              0/sec Corrupted packets:             0 Corrupted URL packets:         0 Corrupted HTTP HDR packets:    0 Logs discarded (queue full):   0 Traffic logs written:          382 URL logs written:              0 Wildfire logs written:         0 Anti-virus logs written:       0 Widfire Anti-virus logs written: 0 Spyware logs written:          0 Attack logs written:           0 Vulnerability logs written:    0 Fileext logs written:          0 URL cache age out count:       0 URL cache full count:          0 URL cache key exist count:     0 URL cache wrt incomplete http hdrs count: 0 URL cache rcv http hdr before url count: 0 URL cache full drop count(url log not received): 0 URL cache age out drop count(url log not received): 0 Traffic alarms dropped due to sysd write failures: 0 Traffic alarms dropped due to global rate limiting: 0 Traffic alarms dropped due to each source rate limiting: 0 Traffic alarms generated count:  0 Log Forward count:             0 Log Forward discarded (queue full) count: 0 Log Forward discarded (send error) count: 0 Summary Statistics: Num current drop entries in trsum:0 Num cumulative drop entries in trsum:0 Num current drop entries in thsum:0 Num cumulative drop entries in thsum:0 External Forwarding stats:       Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send Rate(last 1min)     syslog              0              0              0              0                        0       snmp              0              0              0              0                        0      email              0              0              0              0                        0        raw              0              0              0              0                        0 admin@PA-VM> admin@PA-VM> show system disk-space Filesystem            Size  Used Avail Use% Mounted on /dev/sda2             4.0G  1.6G  2.3G  42% / /dev/sda5             8.0G  563M  7.0G   8% /opt/pancfg /dev/sda6             4.0G  461M  3.4G  12% /opt/panrepo tmpfs                 2.0G  1.6G  504M  76% /dev/shm /dev/sda8              16G  200M   15G   2% /opt/panlogs admin@PA-VM> ... View more

Ok so i have a confession to make, the hosts you see in the topo above aren't real, they are loopbacks, and i was sourcing pings from the loopback but it just wasn't working as stated, this morning i made them "real"" hosts and it all worked, i'm not 100% on why I'm so thankful for your offered help, it's my first enquiry in this forum and i am impressed, being a Cisco guy i was a little doubtful that i would get a resolution ....wow! how wrong i was! Thankyou all!!!! ... View more

So sorry guys, i documented the topo wrong, the two LAN subnets are swapped; So the static is correct i believe, 172.16.1.0/24 to tunnel .1 Thank you all so so much for your help thus far, sorry about the bum steer! regards ... View more

Thanks Hulk, See below for output admin@PA-VM> show vpn flow total tunnels configured:                                     2 filter - type IPSec, state any total IPSec tunnel configured:                                2 total IPSec tunnel shown:                                     2 id    name                  state      monitor      local-ip        peer-ip         tunnel-i/f ----------------------------------------------------------------------------------------------- 7     Citec_IPSEC:networks  active     off          192.168.3.2     192.168.3.100   tunnel.1 9     Citec_IPSEC:networks2 init       off          192.168.3.2     192.168.3.100   tunnel.1 admin@PA-VM> admin@PA-VM> show vpn flow tunnel-id 7 tunnel  Citec_IPSEC:networks         id:                     7         type:                   IPSec         gateway id:             1         local ip:               192.168.3.2         peer ip:                192.168.3.100         inner interface:        tunnel.1         outer interface:        ethernet1/2         state:                  active         session:                107         tunnel mtu:             1428         lifetime remain:        3478 sec         latest rekey:           122 seconds ago         monitor:                off         monitor packets seen:   0         monitor packets reply:  0         en/decap context:       3         local spi:              9183D0C8         remote spi:             BA222D14         key type:               auto key         protocol:               ESP         auth algorithm:         SHA1         enc  algorithm:         AES128         proxy-id local ip:      172.16.1.0/24         proxy-id remote ip:     172.16.2.0/24         proxy-id protocol:      0         proxy-id local port:    0         proxy-id remote port:   0         anti replay check:      yes         copy tos:               no         authentication errors:  0         decryption errors:      0         inner packet warnings:  0         replay packets:         0         packets received           when lifetime expired:0           when lifesize expired:0         sending sequence:       0         receive sequence:       4         encap packets:          0         decap packets:          4         encap bytes:            0         decap bytes:            544         key acquire requests:   0         owner state:            0         owner cpuid:            s1dp0         ownership:              1 admin@PA-VM> show vpn flow tunnel-id 9 tunnel  Citec_IPSEC:networks2         id:                     9         type:                   IPSec         gateway id:             1         local ip:               192.168.3.2         peer ip:                192.168.3.100         inner interface:        tunnel.1         outer interface:        ethernet1/2         state:                  init         session:                2         tunnel mtu:             1448         lifetime remain:        N/A         monitor:                off         monitor packets seen:   0         monitor packets reply:  0         en/decap context:       2         local spi:              00000000         remote spi:             00000000         key type:               auto key         protocol:               ESP         auth algorithm:         NOT ESTABLISHED         enc  algorithm:         NOT ESTABLISHED         proxy-id local ip:      172.16.2.0/24         proxy-id remote ip:     172.16.1.0/24         proxy-id protocol:      0         proxy-id local port:    0         proxy-id remote port:   0         anti replay check:      yes         copy tos:               no         authentication errors:  0         decryption errors:      0         inner packet warnings:  0         replay packets:         0         packets received           when lifetime expired:0           when lifesize expired:0         sending sequence:       0         receive sequence:       0         encap packets:          0         decap packets:          0         encap bytes:            0         decap bytes:            0         key acquire requests:   0         owner state:            0         owner cpuid:            s1dp0         ownership:              1 admin@PA-VM> ... View more