Solved: Palo Alto site-to-site vpn monitoring

Palo Alto site-to-site vpn monitoring

5 Comments

2 Solutions

235 Views

Last Modified: 2017-03-24

Hello all,

on A Palo Alto FW after executing "show vpn ike-sa gateway gateway_id" command I receive the output such as below

Does the "Established" time suggest that the VPN was down and reestablished at 08:01:55 or does it only mean that rekeying of phase 1 happened at that time due to SA lifetime expiry?

View Solutions Only

Dan Craciun

IT Consultant

CERTIFIED EXPERT

Commented: 2017-03-23

This problem has been solved!

(Unlock this solution with a 7-day Free Trial)

UNLOCK SOLUTION

kiilaa

Author

Commented: 2017-03-24

thanks for your comment. the SA lifetime is 24 hours indeed. A new key is also negotiated when a tunnel is established. from what I understand that output is not telling us the reason for rekey, is that correct?

Dan Craciun

IT Consultant

CERTIFIED EXPERT

Commented: 2017-03-24

This problem has been solved!

(Unlock this solution with a 7-day Free Trial)

UNLOCK SOLUTION

kiilaa

Author

Commented: 2017-03-24

thanks Dan

Dan Craciun

IT Consultant

CERTIFIED EXPERT

Commented: 2017-03-24

You're welcome.

Glad I could help!

Palo Alto site-to-site vpn monitoring

Premium Content

Premium Content

View Solutions Only