[j-nsp] IPSec Interoperability with Cisco Router

Harshit Kumar harshit at juniper.net
Sat Jan 1 15:13:49 EST 2005


Hi Eric,
             You can try setting this knob in the config on the J20.
This should establish
 the tunnel even if there is no traffic.

set services ipsec-vpn establish-tunnels immediately  

BR
Harshit

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Eric Shih
(TP/ERT)
Sent: Saturday, January 01, 2005 7:16 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] IPSec Interoperability with Cisco Router

Hello

    I have a question about M20's IPSec behavior toward Cisco Router or
Pix firewall. Becasue when IPSec tunnel
(dynamic tunnel SA) is established , if you manfully clear ipsec tunnel
( clear ipsec security association) or lifetime of 
IPSec SA expire, the IPSec tunnel will not negotiate with each other if
there is no traffic going on. The only 
way to bring tunnel up is from Cisco side by using ping to trigger. It
seems that we can not bring it up from 
J20's side. Do you have any idea of it ? 

BR // Eric Shih


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp





More information about the juniper-nsp mailing list