Palo alto networks vpn stuck phase 1 after reboot
![palo alto networks vpn stuck phase 1 after reboot palo alto networks vpn stuck phase 1 after reboot](https://duo.com/assets/img/documentation/cloud/paloalto-globalprotect-app-settings_2x.png)
There could be numerous causes for phase-1 negotiation to fail due to timeout, basically if the ike message 1 does not reach the peer or if the peer does the respond to the message or the response is dropped would lead to this scenario.Finally, resort to PAN-OS troubleshooting steps on debugging ike p1 issues.If ping succeeds, make sure NAT-T is enabled if traffic is NAT’d in the path.If this fails, troubleshoot network connectivity, verify AWS routing and check whether traffic is being allowed by Security Group and subnet NACL.from local interface to peer interface using ping. Check connectivity between the IPsec terminating endpoints i.e.Ensure Local and Peer IDENTIFICATION is configured on both ends.Ensure ike and ipsec traffic is allowed by security policy.This article covers overview and configuration of IPSec site-to-site tunnels which are compatible with. Verify if permitted IP is configured on firewall interface Palo Alto Networks firewalls provide site-to-site and remote access VPN functionality.
![palo alto networks vpn stuck phase 1 after reboot palo alto networks vpn stuck phase 1 after reboot](https://i.ytimg.com/vi/Ik1rXsVdxl4/maxresdefault.jpg)
This may not be conclusive but if one has access to logs from peer end, it will help to narrow down further. Above log snippet shows phase-1 negotiation failed due to timeout.Resetting the gateway will cause a gap in VPN connectivity, and may. Once the command is issued, the current active instance of the Azure VPN gateway is rebooted immediately. On the page for the virtual network gateway, select Reset. 10:20:37.113 -0800 ikemgr: panike_daemon skipping phase 1 In the portal, navigate to the virtual network gateway that you want to reset.