Prisma SD-WAN VPNs are in down state with message "out of shared secret key"

Prisma SD-WAN VPNs are in down state with message "out of shared secret key"

1212
Created On 12/06/22 00:03 AM - Last Modified 06/04/25 23:21 PM


Symptom


  • The Prisma SD-WAN VPNs are in down state
  • The VPN status on the CLI (dump vpn status VpnID=1719xxxxxxxxxxx)  shows "out of shared secret key."

Environment


  • Prisma SD-WAN
  • ION Devices
  • VPNs

Cause


  • The ION device is offline for more than 72 hours and cannot update the keys from cloud controller. 
  • OR
  • NTP is misconfigured causing the ION not to update the keys from cloud controller.

Note: The shared key is only valid for 72 hours.

Resolution


  1. Check the NTP on both ends of ION devices (Branch and DC).
  2. Make sure the time matches on both ION devices. If they do not match, check the configuration and correct the same.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sa2zCAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail