No phase 2 SA found
Hello,
I am having an issue with our XTM33 FW BOVPN between our corporate office and warehouse. Our HQ end of the tunnel is a PA ION 7k SD-WAN appliance. We have 3 subnets that we tunnel and the tunnel will only come up when we initiate traffic from the WG side. When I run the diagnostic, I get the following message:
Unable to find any active Phase 2 Security Associations (SAs) for tunnel route x.x.x.x
Recommendation: Confirm whether either side is currently sending traffic through the tunnel.
If I try to bring up the tunnel from the Corp office, nothing happens. It's prob something to do with the SD-WAN device but can't get that solved.
My question is, is there a way I can bring up the tunnel on the WG side and just keep it up? I've tried adjusting keep alives and all that but nothing keeps it up. Would appreciate any ideas. Thanks!
Comments
Use monitoring software, such as a ping tool, to send a ping across the tunnel at least every minute.
One example is Servers Alive. It has a free version.
https://www.woodstone.nu/
This tool can also alert you via e-mail when the tunnel goes down.
oh thats a good idea, thanks. I tried setting up an ip sla ping with a source from a vlan that is allowed over the tunnel from my core to ping it but it doesnt stay up. I'll try that.