[j-nsp] Netscreen dialup vpn questions

Asad Raza asadgardezi at gmail.com
Wed Apr 28 04:08:11 EDT 2010


Hi Jimmy,

Please try reducing the phase 2 proposal lifetime to 3600 seconds and increasing
the phase 1 lifetime to 86400.

regards,

Asad

On Tue, Apr 27, 2010 at 12:47 PM, <mailers at oranged.to> wrote:

> Hi There,
>
> I believe that all the phase1 and phase2 variables are 100% default.. 28800
> seconds?
>
>
> ----- Original Message -----
> From: "Asad Raza" <asadgardezi at gmail.com>
> To: "Jimmy Stewpot" <mailers at oranged.to>
> Cc: juniper-nsp at puck.nether.net
> Sent: Tuesday, 27 April, 2010 5:20:11 PM
> Subject: Re: [j-nsp] Netscreen dialup vpn questions
>
> Dear Jimmy,
>
>
> Please confirm what lifetime is set for the phase 1 and phase 2 proposals. I
> believe you cannot flush a session unless its lifetime has expired.
>
>
> regards,
>
>
> Asad
>
>
> On Tue, Apr 27, 2010 at 11:28 AM, < mailers at oranged.to > wrote:
>
>
> Hello,
>
> I have recently swapped out a Cisco ASA with a Juniper SSG due to some
> problems with SIP on the ASA. The Juniper has been working really well with
> SIP but I have some problems with the VPN which I am trying to resolve. We
> have hundreds of dialup IPSEC VPN users who authenticate using RADIUS. The
> problem is that they keep on getting disconnected or having problems
> connecting. When I go and monitor the VPNs in the GUI I get the
> following...
>
>
> Dialup_VPN 0000817b -1/-1 <IP> AutoIKE Active Down
> Dialup_VPN 0000816d -1/-1 <IP> AutoIKE Active Down
> Dialup_VPN 00008176 -1/-1 <IP> AutoIKE Active Down
> Dialup_VPN 0000816b -1/-1 <IP> AutoIKE Active Down
> Dialup_VPN 0000814b -1/-1 <IP> AutoIKE Active Down
> Dialup_VPN 0000817a -1/-1 <IP> AutoIKE Active Down
> Dialup_VPN 0000816a -1/-1 <IP> AutoIKE Active Down
>
> Where we see the tunnels are active but the link is down.. The users then
> appear to be unable to reconnect. Is there a way to automatically flush the
> credentials/sa etc so that when they disconnect they are able to log back in
> again? Where can I go for trying to debug this stuff more easily? Any advice
> would be really appreciated.
>
> Regards,
>
> Jimmy.