Netzwerkthemen Archive - Seite 11 von 206

Palo Alto: Phase 2: Anzeige wechselt unregelmässig zwischen Resp und Init

Frage: Es fiel auf, dass in der Anzeige der Phase 2 der Status von Resp to Init wechselt, warum? Harmlos? Bei Neuaufbau des Tunnels? user@PAC1(active)> show vpn ike-sa gateway T004_PH_AR IKEv1 phase-1 SAs GwID/client IP Peer-Address Gateway Name Role Mode Algorithm Established Expiration V ST Xt Phase2 ————– ———— ———— —- —- ——— ———– ———- – — — —— 14 193.158.105.154 T004_PH_AR Resp Main PSK/ DH5/A256/SHA256 Nov.24 08:14:35 Nov.24 16:14:35 v1 12 4 6 Show IKEv1 IKE SA: Total 19 gateways found. 1 ike sa found. IKEv1 phase-2 SAs GwID/client IP Peer-Address Gateway Name Role Algorithm SPI(in) SPI(out) MsgID ST Xt ————– ———— ———— —- ——— ——- ——– —– — — 14 193.158.105.154 T004_PH_AR Resp ESP/ DH5/tunl/SHA2 B2A89D16 89E5F86D 15D0A4D6 …

Palo Alto: aktive VPN Tunnel zeigen

user@PAC1(active)> show vpn flow total tunnels configured: 18 filter – type IPSec, state any total IPSec tunnel configured: 18 total IPSec tunnel shown: 18 id name state monitor local-ip peer-ip tunnel-i/f — —- —– ——- ——– ——- ———- 21 T029_TDM_AL:PXYID1 active off 185.9.110.39 0.0.0.0 tunnel.29 22 T244_LTE1:PXYID1 active up 185.9.110.39 0.0.0.0 tunnel.244 23 T004_PH_AR:PXYID1 active up 185.9.110.39 193.158.105.154 tunnel.4 24 T005_PH_KA:PXYID1 init down 185.9.110.39 62.156.183.234 tunnel.5 25 T214_PH_EB:PXYID1 init down 185.9.110.39 62.225.35.114 tunnel.214 26 T206_PH_GR:PXYID1 init down 185.9.110.39 62.156.183.226 tunnel.206 27 T151_PH_HE:PXYID1 init down 185.9.110.39 62.153.210.18 tunnel.151 28 T003_PH_IL:PXYID1 init down 185.9.110.39 195.243.128.170 tunnel.3 user@PAC1(active)> show vpn flow tunnel-id 23 tunnel T004_PH_AR:PXYID1 id: 23 type: IPSec gateway id: 14 local ip: 185.9.110.39 peer ip: 193.158.105.154 inner interface: tunnel.4 outer …