Palo Alto site-to-site vpn monitoring

kiilaa
kiilaa used Ask the Experts™
on
Hello all,

on A Palo Alto FW after executing "show vpn ike-sa gateway gateway_id" command I receive the output such as below
show vpn
Does the "Established" time suggest that the VPN was down and reestablished at 08:01:55 or does it only mean that rekeying of phase 1 happened at that time due to SA lifetime expiry?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solutions Only
Dan CraciunIT Consultant
Commented:
Check the next day.

If at "Established" it said Mar.16 08:01:55 then it means you have a key life of 24 hours and that report showed the last time a new key was negotiated.

HTH,
Dan
kiilaa

Author

Commented:
thanks for your comment. the SA lifetime is 24 hours indeed. A new key is also negotiated when a tunnel is established. from what I understand that output is not telling us the reason for rekey, is that correct?
IT Consultant
Commented:
That is correct. That command only gives you the current state, not the history.
kiilaa

Author

Commented:
thanks Dan
Dan CraciunIT Consultant

Commented:
You're welcome.

Glad I could help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial