06-15-2021 07:24 PM
Hi All,
I've configured a tunnel from a Cisco ASA to a Palo Alto device. The tunnel is established, but once they reach the tunnel timeout and try to establish the tunnel again, the tunnel goes down/becomes unstable.
This is my config for Cisco ASA:
Phase 1:
IKE encryption: AES256
IKE Hash: SHA256
Lifetime: 8hrs
DH Group: Group 14
Phase 2:
Encryption: AES256
Hash: SHA256
Lifetime: 1hr
DH Group: Group 14
From the pcap file generated from the Palo Alto, I can see the Palo Alto is trying to request the Create Child SA with a payload (length) of 570 to the Cisco ASA, but then the Cisco ASA replies with a different payload, which is 122. Is this triggering the tunnel to fail/become unstable when it tries to establish again?