IPSec VPN Interface Remains Down After Reboot

Created On 04/09/19 18:20 PM - Last Modified 05/05/25 10:12 AM


Symptom


Issue: The IPSec VPN tunnel is created and works as expected. However, when the firewall reboots, the tunnel goes down and does not come back up.

Environment


  • NGFW
  • Supported PAN-OS
  • IPSec Site to Site tunnel between Palo Alto Networks and any other firewall


Cause


This is normal behavior for an IPSec tunnel. After the firewall reboots, the security association (SA) information is deleted completely.

Resolution


When the IPSec VPN tunnel goes down after the firewall reboots, it does not come back up automatically. There are two ways to bring the tunnel back up.

1. Initiate interesting traffic through the IPSec tunnel; the tunnel will start negotiation and come up.

2. Manually initiate the tunnel by executing the following commands on the CLI:
admin@firewall> test vpn ike-sa

Start time: Apr.15 20:20:09
Initiate 1 IKE SA.

admin@firewall> test vpn ipsec-sa

Start time: Apr.15 20:20:21
Initiate 1 IPSec SA.

 

