[j-nsp] IPSEC tunnel
Humair Ali
humair.s.ali at gmail.com
Tue Jan 3 05:34:39 EST 2012
Hi Johan
I am guessing the 24hrs is also the lifetime of one of your phase 1 or
phase 2?
It could be a bug in that the Juniper is not rekeying the phase 1 or the
phase 2 (although the SAs are up, the rekeying does not occur properly);
this wouldn't be uncommon, especially when peering with a Cisco.
Somehow one of the 2 ends is active (hence why the SA is up) but the other
end is not.
Have you tried enabling DPD on the Juniper and Cisco ends? Maybe it will
force the rekeying to occur between the 2.
I know it is available in Netscreen but not sure about SRX, but I remember
hearing so.
On 3 January 2012 07:35, Johan Borch <johan.borch at gmail.com> wrote:
> Hi,
>
> I have an IPSEC tunnel between a Juniper SRX (policy based) running
> 10.4R6.5 and a Cisco ASA 5510. The SAs are established, but about once per
> 24 hours (but can also work for days) the tunnel stops forwarding traffic;
> the SAs are still established. Has anyone seen this behavior before? The
> solution is to take the tunnel down and establish it again.
>
> Regards
> Johan
--
Humair