[j-nsp] IPSec Interoperability with Cisco Router

Harshit Kumar harshit at juniper.net
Sat Jan 1 15:13:49 EST 2005

Hi Eric,
             You can try setting this knob in the config on the J20.
This should establish
 the tunnel even if there is no traffic.

set services ipsec-vpn establish-tunnels immediately  


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Eric Shih
Sent: Saturday, January 01, 2005 7:16 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] IPSec Interoperability with Cisco Router


    I have a question about M20's IPSec behavior toward Cisco Router or
Pix firewall. Becasue when IPSec tunnel
(dynamic tunnel SA) is established , if you manfully clear ipsec tunnel
( clear ipsec security association) or lifetime of 
IPSec SA expire, the IPSec tunnel will not negotiate with each other if
there is no traffic going on. The only 
way to bring tunnel up is from Cisco side by using ping to trigger. It
seems that we can not bring it up from 
J20's side. Do you have any idea of it ? 

BR // Eric Shih

juniper-nsp mailing list juniper-nsp at puck.nether.net

More information about the juniper-nsp mailing list