asked on
Palo Alto site-to-site vpn monitoring
Hello all,
on A Palo Alto FW after executing "show vpn ike-sa gateway gateway_id" command I receive the output such as below
![show vpn]()
Does the "Established" time suggest that the VPN was down and reestablished at 08:01:55 or does it only mean that rekeying of phase 1 happened at that time due to SA lifetime expiry?
on A Palo Alto FW after executing "show vpn ike-sa gateway gateway_id" command I receive the output such as below
Does the "Established" time suggest that the VPN was down and reestablished at 08:01:55 or does it only mean that rekeying of phase 1 happened at that time due to SA lifetime expiry?
Hardware Firewalls* Palo Alto NetworksVPNNetworking
Last Comment
Dan Craciun
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thanks for your comment. the SA lifetime is 24 hours indeed. A new key is also negotiated when a tunnel is established. from what I understand that output is not telling us the reason for rekey, is that correct?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thanks Dan
You're welcome.
Glad I could help!
Glad I could help!