[j-nsp] IPSec Interoperability with Cisco Router
harshit at juniper.net
Sat Jan 1 15:13:49 EST 2005
You can try setting this knob in the config on the J20.
This should establish
the tunnel even if there is no traffic.
set services ipsec-vpn establish-tunnels immediately
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Eric Shih
Sent: Saturday, January 01, 2005 7:16 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] IPSec Interoperability with Cisco Router
I have a question about M20's IPSec behavior toward Cisco Router or
Pix firewall. Becasue when IPSec tunnel
(dynamic tunnel SA) is established , if you manfully clear ipsec tunnel
( clear ipsec security association) or lifetime of
IPSec SA expire, the IPSec tunnel will not negotiate with each other if
there is no traffic going on. The only
way to bring tunnel up is from Cisco side by using ping to trigger. It
seems that we can not bring it up from
J20's side. Do you have any idea of it ?
BR // Eric Shih
juniper-nsp mailing list juniper-nsp at puck.nether.net
More information about the juniper-nsp