[j-nsp] IPSEC tunnel

Johan Borch johan.borch at gmail.com
Tue Jan 3 07:43:41 EST 2012


Hi,

Lifetime is the same on both devices, it seems to be load related, because
traffic forwarding dies if it gets too much traffic.

Thanks, I will try DPD and see if it makes any difference.

Regards
Johan

On Tue, Jan 3, 2012 at 11:34 AM, Humair Ali <humair.s.ali at gmail.com> wrote:

> Hi Johan
>
> I am guessing the 24hrs is also the lifetime of one of your phase 1 or
> phase 2 ?
>
> It could be a bug in that the Juniper is not rekeying the phase 1 or the
> phase 2 (although the SAs are up, the rekeying does not occur properly),
> this wouldn't be uncommon especially when peering with a Cisco.
>
> Somehow one of the 2 ends is active (hence why the SA is UP) but the other end
> is not.
>
> Have you tried enabling DPD on the Juniper and Cisco ends? Maybe it will
> force the rekeying to occur between the 2.
>
> I know it is available in Netscreen but not sure about SRX, but I
> remember hearing so.
>
>
>
> On 3 January 2012 07:35, Johan Borch <johan.borch at gmail.com> wrote:
>
>> Hi,
>>
>> I have an IPSEC tunnel between a Juniper SRX (policy based) running
>> 10.4R6.5 and a Cisco ASA 5510, the SAs are established but about once per
>> 24 hours (but can also work for days) the tunnel stops forwarding traffic,
>> the SAs are still established. Has anyone seen this behavior before? The
>> solution is to take the tunnel down and establish it again.
>>
>> Regards
>> Johan
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Humair
>
>

