Site to Site VPN tunnel not coming up

pannick
Level 1

We have a site to site VPN connection between two colleges. The remote college has a firewall in between our two ASAs. This week the remote college replaced their Checkpoint firewall with a Palo Alto. Since this happened we cannot bring our tunnel back up. Of course Palo Alto tells the college that their config is fine and the issue lies in our hands.

When looking at the Palo Alto logs they do not show any of our ISAKMP or port 500 traffic getting to them. We can ping interfaces but as I said the tunnel will not come up.

Both ends of the tunnel are in state MM_WAIT_MSG2.

The only thing that has changed is the Checkpoint being replaced with the Palo Alto. Cisco TAC was not able to figure this one out with us.

Any hints out there in the community?

Thanks

1 Reply

Aditya Ganjoo
Cisco Employee