[j-nsp] IPSEC tunnel

Burkhard Ott bott at revenuewire.com
Tue Jan 3 12:04:32 EST 2012


On Tue, 3 Jan 2012 16:37:11 +0000
Humair Ali <humair.s.ali at gmail.com> wrote:

> >>> Hi,
> >>>
> >>> I have an IPSEC tunnel between an Juniper SRX (policy based)
> >>> running 10.4R6.5 and a Cisco ASA 5510, the SA's are established
> >>> but about once per
> >>> 24h hours (but can also work for days) the tunnel stops forwarding
> >>> traffic,
> >>> the SA's are still established. has anyone seen this behavior
> >>> before? The solution is to take the tunnel down and establish it
> >>> again.

Check if the tunnel dies if you send large packets, if it does check
your MTU for the tunnel.

-- 
Burkhard Ott
Sr. System Administrator
Revenuewire Inc.
1205 - 4464 Markham Street
Victoria, BC V8Z 7X8
250-984-1132 ext. 7132


More information about the juniper-nsp mailing list