I have one Ikev2 site-to-site tunnel which has been stuck in this state:
Session-id:15, Status:UP-IDLE, IKE count:1, CHILD count:0
Tunnel-id Local Remote Status Role 1319195545 x.x.x.x/4500 y.y.y.y/4500 READY RESPONDER Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: PSK, Auth verify: PSK Life/Active Time: 28800/1080711 sec
Active Time has passed the lifetime a long ago. 'clear crypto ikev2 sa' or 'clear ipsec sa peer y.y.y.y' won't terminate the tunnel. What can be done to terminate this tunnel? Rebooting the firewall isn't really a solution...
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...